Skip to main content

Entredroppers

1 CVEs product

Monthly

CVE-2026-8628 MEDIUM This Month

Reflected Cross-Site Scripting in the EntreDroppers WordPress plugin (all versions through 1.1.2) allows unauthenticated attackers to inject arbitrary JavaScript into victim browsers by embedding script payloads in the URL path-info segment, which PHP reflects unsanitized through the PHP_SELF server variable into the form action attribute at EntreDroppers.php line 223. Successful exploitation requires tricking an authenticated WordPress administrator into clicking a crafted link pointing to the /wp-admin/ context, making this a social-engineering-dependent attack. No public exploit code or active exploitation has been identified at time of analysis; no patch has been confirmed from available data.

PHP XSS WordPress Entredroppers
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting in the EntreDroppers WordPress plugin (all versions through 1.1.2) allows unauthenticated attackers to inject arbitrary JavaScript into victim browsers by embedding script payloads in the URL path-info segment, which PHP reflects unsanitized through the PHP_SELF server variable into the form action attribute at EntreDroppers.php line 223. Successful exploitation requires tricking an authenticated WordPress administrator into clicking a crafted link pointing to the /wp-admin/ context, making this a social-engineering-dependent attack. No public exploit code or active exploitation has been identified at time of analysis; no patch has been confirmed from available data.

PHP XSS WordPress +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy