Skip to main content

Blog Filter EUVDEUVD-2026-20179

| CVE-2026-39517 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-08 Patchstack GHSA-fw58-q5m2-3fgm
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20179
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 6.5

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6.

AnalysisAI

DOM-Based Cross-Site Scripting (XSS) in A WP Life Blog Filter WordPress plugin versions 1.7.6 and earlier allows authenticated attackers with low privileges to inject malicious scripts that execute in victims' browsers when they interact with crafted web pages. The vulnerability stems from improper neutralization of user input during page generation and requires user interaction to trigger. No public exploit code or active exploitation has been identified at the time of analysis, with an EPSS score of 0.03% indicating low exploitation probability.

Technical ContextAI

This vulnerability is a DOM-Based XSS flaw (CWE-79: Improper Neutralization of Input During Web Page Generation) in the A WP Life Blog Filter WordPress plugin, identified by CPE cpe:2.3:a:a_wp_life:blog_filter:*:*:*:*:*:*:*:*. DOM-Based XSS occurs when client-side JavaScript code processes user-controlled data without proper sanitization or encoding, allowing attackers to inject arbitrary scripts that execute in the document object model. Unlike reflected or stored XSS, DOM-based variants are particularly dangerous because the malicious payload may not appear in the HTML source and can be difficult to detect with server-side security tools. The plugin processes user input during web page generation without adequate output encoding or input validation, creating a pathway for script injection.

RemediationAI

Update the A WP Life Blog Filter plugin to a version newer than 1.7.6 as soon as a patched release is made available. Website administrators should navigate to WordPress Dashboard > Plugins, locate Blog Filter, and apply the available update. Until a patch is released, users may temporarily disable or remove the plugin if its functionality is not critical. For additional details and updates, consult the advisory at https://patchstack.com/database/Wordpress/Plugin/blog-filter/vulnerability/wordpress-blog-filter-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve and monitor the official plugin repository or vendor notifications for patch availability.

Share

EUVD-2026-20179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy