CVE-2026-24975
Received Received - Intake
Reflected XSS in NooTheme Organici Library

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through <= 2.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24975
EUVD
EUVD-2026-15590
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nootheme organici_library to 2.1.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-24975 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability is a reflected Cross Site Scripting (XSS) issue in the WordPress Organici Library Plugin versions up to 2.1.2. Detection typically involves identifying attempts to inject malicious scripts via URLs, forms, or other input fields that reflect user input without proper sanitization.

While specific commands are not provided in the resources, common detection methods include monitoring web server logs for suspicious query strings or payloads containing script tags or JavaScript code.

  • Use tools like curl or wget to test input fields or URLs for reflected script injection, e.g., sending payloads like <script>alert(1)</script> and observing if they are reflected in the response.
  • Employ web vulnerability scanners that support XSS detection against the affected plugin endpoints.
  • Check for plugin version by running commands to list installed WordPress plugins and their versions, for example: wp plugin list | grep organici-library
Mitigation Strategies

The primary and immediate mitigation step is to update the WordPress Organici Library Plugin to version 2.1.3 or later, where this vulnerability has been patched.

If immediate updating is not possible, apply the automatic mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Users unable to update or apply mitigations should seek assistance from their hosting provider or web developer to implement temporary protections.

Executive Summary

This vulnerability is a Reflected Cross-site Scripting (XSS) issue in the NooTheme Organici Library (noo-organici-library). It occurs due to improper neutralization of input during web page generation, which means that user-supplied input is not properly sanitized or escaped before being included in web pages. As a result, an attacker can inject malicious scripts that are reflected back to users, potentially executing in their browsers.

Impact Analysis

This Reflected XSS vulnerability can allow attackers to execute malicious scripts in the context of a victim's browser. This can lead to theft of sensitive information such as cookies or session tokens, defacement of websites, redirection to malicious sites, or other malicious actions performed on behalf of the user.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24975. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart