CVE-2026-22519
Stored XSS in BuddyDev MediaPress Through
Publication date: 2026-01-08
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| buddydev | mediapress | From 1.0.0 (inc) to 1.6.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22519 is a Cross Site Scripting (XSS) vulnerability in the WordPress MediaPress Plugin up to version 1.6.2. It allows a malicious actor to inject and execute arbitrary scripts, such as redirects or advertisements, on websites using the affected plugin. Exploitation requires a privileged user (Contributor or Developer) to interact with malicious content, like clicking a link or submitting a form. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized script execution on your website, potentially causing redirects, displaying unwanted advertisements, or other malicious actions. It requires a privileged user to interact with malicious content, which limits its impact. However, it can still compromise the integrity and user experience of your site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking the version of the MediaPress plugin installed on your WordPress site. You can verify the plugin version via the WordPress admin dashboard or by running commands to inspect the plugin files. For example, using WP-CLI, you can run: `wp plugin list --status=active` to list active plugins and their versions. Additionally, monitoring for suspicious script injections or unexpected behavior in pages generated by MediaPress may indicate exploitation attempts. However, no specific detection commands for this vulnerability are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the MediaPress plugin to version 1.6.3 or later, where this vulnerability is resolved. Applying this update will prevent exploitation of the stored XSS vulnerability. Additionally, limiting user roles with Contributor or Developer privileges and educating users to avoid interacting with suspicious links or forms can reduce risk. [1]