EUVD-2026-15730
GHSA-8gj9-mjf2-56qh
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
3Tags
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through <= 2.2.
Analysis
A Stored Cross-Site Scripting (XSS) vulnerability exists in the WPDO Remoji WordPress plugin through version 2.2, allowing attackers to inject malicious JavaScript code that persists in the database and executes in the browsers of site visitors. This vulnerability affects all installations of Remoji up to and including version 2.2, enabling authenticated or unauthenticated attackers (depending on plugin configuration) to compromise website visitors' sessions, steal credentials, or redirect users to malicious sites. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems and apply vendor patches promptly. Verify anti-CSRF tokens and content security policies are enforced.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today