Skip to main content

Author Box Wp Lens

1 CVEs product

Monthly

CVE-2026-57420 MEDIUM This Month

Stored cross-site scripting in the Author Box WP Lens WordPress plugin (versions through 2.1.5) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browsers of any user who views an affected page, including administrators. The CVSS scope change (S:C) reflects that the injected script runs in a different security context than where it was stored, meaning a contributor-level attacker can target higher-privileged victims browsing the same site. No public exploit identified at time of analysis and no CISA KEV listing; however, multi-author WordPress deployments with untrusted contributors face realistic risk of privilege escalation via session hijacking.

XSS Author Box Wp Lens
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting in the Author Box WP Lens WordPress plugin (versions through 2.1.5) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browsers of any user who views an affected page, including administrators. The CVSS scope change (S:C) reflects that the injected script runs in a different security context than where it was stored, meaning a contributor-level attacker can target higher-privileged victims browsing the same site. No public exploit identified at time of analysis and no CISA KEV listing; however, multi-author WordPress deployments with untrusted contributors face realistic risk of privilege escalation via session hijacking.

XSS Author Box Wp Lens
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy