CVE-2026-1795
Reflected XSS in Address Bar Ads WordPress Plugin
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | address_bar_ads | to 1.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Address Bar Ads plugin for WordPress is a Reflected Cross-Site Scripting (XSS) issue that occurs via the URL path. This happens because the plugin does not properly sanitize input or escape output in all versions up to and including 1.0.0.
An unauthenticated attacker can exploit this by injecting arbitrary web scripts into pages. These scripts execute if a user is tricked into performing an action, such as clicking on a specially crafted link.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious scripts in the context of the affected website, potentially leading to theft of user credentials, session hijacking, or unauthorized actions performed on behalf of the user.
Because the attack requires user interaction (such as clicking a link), it can be used in phishing attacks or to spread malware.
The CVSS score of 6.1 indicates a medium severity with network attack vector, low attack complexity, no privileges required, but requiring user interaction, and impacts confidentiality and integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the Address Bar Ads WordPress plugin version 1.0.0 or earlier is installed and active on your WordPress site.'}, {'type': 'paragraph', 'content': "You can also detect attempts to exploit the vulnerability by monitoring HTTP requests for suspicious URL paths that might contain injected scripts targeting the plugin's reflected cross-site scripting (XSS) flaw."}, {'type': 'paragraph', 'content': 'Suggested commands to detect the plugin and potential exploitation attempts include:'}, {'type': 'list_item', 'content': 'Check if the plugin is installed and its version via WP-CLI: `wp plugin list | grep address-bar-ads`'}, {'type': 'list_item', 'content': 'Search web server logs for suspicious URL patterns that include script tags or unusual characters in the URL path, for example using grep: `grep -iE "<script|%3Cscript" /var/log/apache2/access.log`'}, {'type': 'list_item', 'content': 'Use network monitoring tools or intrusion detection systems to flag HTTP requests with suspicious payloads in the URL path.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should:
- Update the Address Bar Ads plugin to a version later than 1.0.0 if available, where the input sanitization and output escaping issues are fixed.
- If no update is available, consider disabling or uninstalling the plugin to prevent exploitation.
- Implement Web Application Firewall (WAF) rules to block suspicious requests containing script injections in URL paths.
- Educate users to avoid clicking on suspicious links that could trigger the reflected XSS attack.