Skip to main content

Gyan Elements

1 CVEs product

Monthly

CVE-2026-23979 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Softwebmedia Gyan Elements WordPress plugin through version 2.2.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. This vulnerability affects all versions up to and including 2.2.1, enabling attackers to steal session tokens, perform unauthorized actions, or harvest sensitive user data. While no CVSS score or EPSS data is currently published, the nature of reflected XSS combined with WordPress plugin distribution suggests moderate-to-high real-world exploitation potential, particularly if users remain on vulnerable versions.

XSS Gyan Elements
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Softwebmedia Gyan Elements WordPress plugin through version 2.2.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. This vulnerability affects all versions up to and including 2.2.1, enabling attackers to steal session tokens, perform unauthorized actions, or harvest sensitive user data. While no CVSS score or EPSS data is currently published, the nature of reflected XSS combined with WordPress plugin distribution suggests moderate-to-high real-world exploitation potential, particularly if users remain on vulnerable versions.

XSS Gyan Elements
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy