Wp Emmet
Monthly
Stored Cross-Site Scripting in the WP Emmet WordPress plugin (by rewish) versions 0.3.4 and earlier allows an administrator-level user to inject persistent malicious scripts through the plugin interface, which then execute in the browsers of other users who visit affected pages. The CVSS scope-change metric (S:C) confirms the injected payload crosses trust boundaries beyond the attacker's own session, enabling session hijacking, credential theft, or unauthorized actions against victims. No public exploit has been identified at time of analysis, and the vulnerability has not appeared in CISA KEV.
Stored Cross-Site Scripting in the WP Emmet WordPress plugin (by rewish) versions 0.3.4 and earlier allows an administrator-level user to inject persistent malicious scripts through the plugin interface, which then execute in the browsers of other users who visit affected pages. The CVSS scope-change metric (S:C) confirms the injected payload crosses trust boundaries beyond the attacker's own session, enabling session hijacking, credential theft, or unauthorized actions against victims. No public exploit has been identified at time of analysis, and the vulnerability has not appeared in CISA KEV.