The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via...

Description

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks

Basic information

Type
unreviewed
Severity
unknown
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Not specified
Published (advisory)
2026-05-20 09:30:34 UTC
Updated
2026-05-20 09:30:37 UTC
NVD published
2026-05-20

EPSS Score

Score Percentile
0.05% 16.04%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

References

cvelogic Threat Intelligence