CVE-2026-1796
Reflected XSS in StyleBidet WordPress Plugin Allows Script Injection
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stylebidet | stylebidet | up to and including 1.0.0 |
| lawrie_malen | stylebidet | up to and including 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
The StyleBidet plugin for WordPress, up to and including version 1.0.0, is vulnerable to Reflected Cross-Site Scripting (XSS) via the URL path. This happens because the plugin does not properly sanitize input or escape output, allowing attackers to inject malicious web scripts.
An unauthenticated attacker can exploit this vulnerability by tricking a user into clicking a specially crafted link containing malicious scripts. When the user clicks the link, the injected script executes in their browser.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary scripts in the context of the affected website for users who click on malicious links. This can lead to theft of user credentials, session hijacking, defacement of the website, or redirection to malicious sites.
Since the vulnerability requires user interaction (clicking a link), it is classified with a CVSS score of 6.1, indicating a medium severity impact with low attack complexity and no privileges required.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Reflected Cross-Site Scripting (XSS) in the StyleBidet WordPress plugin (version 1.0.0 and earlier) via the URL path, due to insufficient input sanitization and output escaping.

To detect this vulnerability on your system, you can check whether StyleBidet plugin version 1.0.0 or earlier is installed on your WordPress site.

You can also test for the vulnerability by crafting a URL with a malicious script payload in the URL path and observing whether the script is reflected and executed in the page output.

- Use curl or wget to send a request with a script payload in the URL path, for example: `curl -i 'http://yourwordpresssite.com/<script>alert(1)</script>'`
- Use browser developer tools or an intercepting proxy (such as Burp Suite) to inspect whether the injected script appears unescaped in the page response.
- Check the installed plugin version via WP-CLI: `wp plugin list --field=version --name=stylebidet` [1]
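The answer above suggests two defender-side checks: confirm whether the installed plugin version falls in the affected range, and look for reflected-script payloads in the URL path. The following is an added example (not code from the page or from the plugin) that does both offline: it classifies a version string against the "up to and including 1.0.0" range from the affected-products table, and it scans web-server access-log lines for URL paths that, after URL decoding (including double encoding), contain script tags, inline event handlers or `javascript:` URLs. The log lines, IP addresses and the combined-log-format layout are constructed assumptions for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines in Apache/nginx combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [14/Feb/2026:10:00:01 +0000] "GET /wp-content/plugins/stylebidet/ HTTP/1.1" 200 512
203.0.113.11 - - [14/Feb/2026:10:00:02 +0000] "GET /%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 404 1024
203.0.113.12 - - [14/Feb/2026:10:00:03 +0000] "GET /blog/%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 2048
203.0.113.13 - - [14/Feb/2026:10:00:04 +0000] "GET /about/ HTTP/1.1" 200 4096
"""

# Highest affected version, taken from the page's affected-products table.
MAX_AFFECTED_VERSION = (1, 0, 0)

# Combined log format: client IP, identity, user, [timestamp], "METHOD target PROTO", status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of script injection in a decoded path; intentionally narrow to limit noise.
XSS_PATTERNS = [
    re.compile(r'<\s*script\b', re.I),                              # <script ...>
    re.compile(r'\bon(error|load|click|mouseover|focus)\s*=', re.I),  # inline event handlers
    re.compile(r'javascript\s*:', re.I),                            # javascript: URLs
]


def parse_version(version):
    """Turn '1.0.0' into (1, 0, 0) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split('.'))


def is_affected_version(version):
    """True when the plugin version is at or below the highest affected release."""
    return parse_version(version) <= MAX_AFFECTED_VERSION


def decode_path(target):
    """URL-decode repeatedly (max 3 rounds) so double-encoded payloads are not missed."""
    decoded = target
    for _ in range(3):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def find_xss_attempts(log_text):
    """Return one record per log line whose decoded request path matches an XSS indicator."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not requests in the expected format
        path = decode_path(m.group('target'))
        matched = [p.pattern for p in XSS_PATTERNS if p.search(path)]
        if matched:
            hits.append({
                'ip': m.group('ip'),
                'path': path,
                'status': int(m.group('status')),
                'patterns': matched,
            })
    return hits


if __name__ == '__main__':
    print('affected 1.0.0:', is_affected_version('1.0.0'))
    for hit in find_xss_attempts(SAMPLE_LOG):
        print(hit['ip'], hit['status'], hit['path'])
```

A 200 response to a request whose path carries a script payload is the case worth looking at first: it means the page rendered rather than being rejected, so the response body should be checked for the unescaped payload. A 404 shows the attempt was made but says nothing about whether the reflection occurred. Note that `is_affected_version` encodes only the range on this page; a future patched release would need the constant updated.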
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

- Update or remove the StyleBidet plugin if an updated, patched version is available.
- If no update is available, consider disabling or uninstalling the StyleBidet plugin to prevent exploitation.
- Restrict access to the WordPress admin area and ensure only trusted users have the 'manage_options' capability.
- Implement Web Application Firewall (WAF) rules to block suspicious URL paths containing script tags or other suspicious payloads.
- Educate users to avoid clicking on suspicious links that could exploit this reflected XSS vulnerability. [1]