What is the CVSS score of CVE-2026-7850?

CVE-2026-7850 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. EPSS exploitation probability: 0.2%.

Is there a public PoC exploit available for CVE-2026-7850?

Yes, a public proof-of-concept exploit is available for CVE-2026-7850. Prioritise patching immediately. EPSS: 0.2%.

Wp Magnific Popup CVE-2026-7850

EUVD-2026-37556 MEDIUM

2026-06-17 WPScan

XSS WordPress Wp Magnific Popup

5.9

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.9 MEDIUM

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

CVE Published

Jun 17, 2026 - 06:00 cve.org

UNKNOWN (no severity yet)

DescriptionCVE.org

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks against any visiting user.

Analysis

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-7850 vulnerability details – vuln.today

Back