The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks
| Score | Percentile |
|---|---|
| 0.05% | 16.04% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-hmgx-5p26-ccf2 ↗ |
| CVE | CVE-2026-5776 ↗ |