Skip to main content

Remoji

1 CVEs product

Monthly

CVE-2026-25452 HIGH This Week

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WPDO Remoji WordPress plugin through version 2.2, allowing attackers to inject malicious JavaScript code that persists in the database and executes in the browsers of site visitors. This vulnerability affects all installations of Remoji up to and including version 2.2, enabling authenticated or unauthenticated attackers (depending on plugin configuration) to compromise website visitors' sessions, steal credentials, or redirect users to malicious sites. While CVSS and EPSS scores are not publicly available, the vulnerability's classification as Stored XSS and reporting through Patchstack indicate moderate-to-high real-world severity.

XSS Remoji
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WPDO Remoji WordPress plugin through version 2.2, allowing attackers to inject malicious JavaScript code that persists in the database and executes in the browsers of site visitors. This vulnerability affects all installations of Remoji up to and including version 2.2, enabling authenticated or unauthenticated attackers (depending on plugin configuration) to compromise website visitors' sessions, steal credentials, or redirect users to malicious sites. While CVSS and EPSS scores are not publicly available, the vulnerability's classification as Stored XSS and reporting through Patchstack indicate moderate-to-high real-world severity.

XSS Remoji
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy