Skip to main content

Naturalife Extensions

1 CVEs product

Monthly

CVE-2026-25018 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the stmcan NaturaLife Extensions WordPress plugin through version 2.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper input neutralization during web page generation (CWE-79), enabling attackers to steal session cookies, perform actions on behalf of users, or redirect users to malicious sites. No CVSS score, EPSS data, or KEV status have been published for this CVE, but the Patchstack report indicates active awareness in the security community.

XSS Naturalife Extensions
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the stmcan NaturaLife Extensions WordPress plugin through version 2.1, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper input neutralization during web page generation (CWE-79), enabling attackers to steal session cookies, perform actions on behalf of users, or redirect users to malicious sites. No CVSS score, EPSS data, or KEV status have been published for this CVE, but the Patchstack report indicates active awareness in the security community.

XSS Naturalife Extensions
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy