CVE-2026-24558
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24558
EUVD
EUVD-2026-4385
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
antoniobg abg_rich_pins to 1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24558 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ABG Rich Pins Plugin versions up to and including 1.1. It allows an attacker to inject malicious scripts into web pages generated by the plugin. The attack requires a privileged user, such as a contributor or developer, to interact with a crafted link, page, or form. Once exploited, the malicious scripts can execute when visitors access the compromised site, potentially causing redirects, displaying unwanted advertisements, or executing other harmful HTML payloads. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to inject and execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful actions affecting site visitors. It requires interaction from a privileged user to be exploited, and while it has a moderate risk level (CVSS 6.5), it is considered low priority with low severity impact and unlikely to be widely exploited. [1]

Detection Guidance

Detection of this Stored Cross-Site Scripting (XSS) vulnerability in the ABG Rich Pins plugin involves monitoring for unusual script injections or unexpected HTML payloads in the content generated by privileged users such as contributors or developers. Since exploitation requires user interaction (e.g., clicking malicious links or submitting crafted forms), reviewing logs for suspicious user actions or scanning the website content for injected scripts may help. However, no specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include limiting the privileges of users who can interact with the plugin to reduce the risk of exploitation, monitoring for suspicious activity, and applying any available security intelligence or mitigation guidance from services like Patchstack. Since no official fix is currently available, it is recommended to follow best practices such as restricting access, educating users about phishing or malicious links, and keeping the plugin updated if future patches are released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24558. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart