CVE-2026-24617
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24617
EUVD
EUVD-2026-4327
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
daniel_iser easy_modal From 2.1.0|end_including=2.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24617 is a Cross Site Scripting (XSS) vulnerability in the WordPress Easy Modal Plugin versions up to 2.1.0. It allows an attacker to inject malicious scripts into web pages generated by the plugin. Exploitation requires a privileged user (Contributor or Developer) to interact with a crafted malicious link, page, or form. When other site visitors access the affected pages, the injected scripts can execute, potentially causing redirects, displaying unwanted advertisements, or other harmful actions. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website through the Easy Modal plugin. This can lead to unauthorized redirects, display of unwanted content, or other malicious activities that affect site visitors. However, exploitation requires a privileged user to interact with malicious content, which limits the risk. There is currently no official fix available. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for suspicious script injections or unexpected HTML payloads in the Easy Modal plugin pages, especially those triggered by privileged users (Contributor or Developer roles). Since exploitation requires user interaction with crafted inputs, you can audit logs for unusual user actions such as clicking unknown links or submitting unexpected forms. Specific commands are not provided in the resources, but general approaches include reviewing web server logs, using web vulnerability scanners targeting XSS, and inspecting the plugin's output for injected scripts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting privileged user interactions with the Easy Modal plugin until a patch is available, educating users with Contributor or Developer roles about the risk of clicking unknown links or submitting untrusted forms, and monitoring for suspicious activity. Since no official fix or patched version is currently available, applying strict input validation and sanitization at the application level or disabling the plugin temporarily can reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24617. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart