Skip to main content

Email Address Encoder

2 CVEs product

Monthly

CVE-2026-5305 HIGH POC PATCH This Week

Stored cross-site scripting in the Email Address Encoder WordPress plugin (free, before 1.0.25) and its Email Encoder Premium counterpart (before 0.3.12) lets unauthenticated visitors inject persistent JavaScript through the plugin's flawed email-replacement handling. Publicly available exploit code exists (disclosed by WPScan) and a vendor patch is available, but it is not in CISA KEV, so there is no public exploit identified as actively used in the wild. Successful exploitation executes attacker script in the browser of any user who later renders the affected page, typically an authenticated administrator.

WordPress XSS Email Address Encoder Email Encoder Premium
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-48765 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.0.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Email Address Encoder
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Stored cross-site scripting in the Email Address Encoder WordPress plugin (free, before 1.0.25) and its Email Encoder Premium counterpart (before 0.3.12) lets unauthenticated visitors inject persistent JavaScript through the plugin's flawed email-replacement handling. Publicly available exploit code exists (disclosed by WPScan) and a vendor patch is available, but it is not in CISA KEV, so there is no public exploit identified as actively used in the wild. Successful exploitation executes attacker script in the browser of any user who later renders the affected page, typically an authenticated administrator.

WordPress XSS Email Address Encoder +1
NVD WPScan VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.0.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Email Address Encoder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy