Skip to main content

Loops Logic

1 CVEs product

Monthly

CVE-2026-57391 MEDIUM This Month

Stored cross-site scripting in the Tangible Loops & Logic WordPress plugin (versions through 4.2.3) allows a low-privileged authenticated user to inject persistent malicious scripts into web pages that execute in the browsers of site visitors or administrators. The scope change (S:C in CVSS) confirms the payload escapes the injection context and executes in a victim's browser session, enabling session hijacking, credential theft, or malicious redirects. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity makes this straightforward to exploit once an attacker holds contributor-level access.

XSS Loops Logic
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting in the Tangible Loops & Logic WordPress plugin (versions through 4.2.3) allows a low-privileged authenticated user to inject persistent malicious scripts into web pages that execute in the browsers of site visitors or administrators. The scope change (S:C in CVSS) confirms the payload escapes the injection context and executes in a victim's browser session, enabling session hijacking, credential theft, or malicious redirects. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity makes this straightforward to exploit once an attacker holds contributor-level access.

XSS Loops Logic
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy