CVE-2026-39517
Received Received - Intake
DOM-Based XSS in Blog Filter ≀1.7.6 Enables Script Injection

Publication date: 2026-04-08

Last updated on: 2026-04-10

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39517
EUVD
EUVD-2026-20179
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wp_life_blog blog_filter to 1.7.6 (inc)
wp_life blog_filter From 1.0 (inc) to 1.7.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-39517 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-39517 is a Cross Site Scripting (XSS) vulnerability in the WordPress Blog Filter Plugin versions up to and including 1.7.6.

This vulnerability allows attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into websites using the vulnerable plugin.

These malicious scripts execute when visitors access the compromised site.

Exploitation requires a user with at least Contributor or Developer privileges to interact with a crafted link, page, or form, meaning user interaction is necessary for the attack to succeed.

Impact Analysis

The vulnerability can lead to attackers injecting and executing malicious scripts on your website, which can result in unauthorized redirects, unwanted advertisements, or other harmful HTML content being displayed to your visitors.

This can damage your website's reputation, compromise user trust, and potentially expose users to further attacks.

However, exploitation requires user interaction by someone with Contributor or Developer privileges, which limits the scope of the threat.

The vulnerability has a moderate severity level with a CVSS score of 6.5.

Detection Guidance

This vulnerability is a DOM-Based Cross-Site Scripting (XSS) issue affecting the WordPress Blog Filter Plugin up to version 1.7.6. Detection typically involves identifying if the vulnerable plugin version is installed and if malicious scripts are being injected or executed.

Since exploitation requires user interaction and involves injection of malicious scripts, detection can include scanning for suspicious script injections in web pages generated by the plugin.

Specific commands are not provided in the available resources, but general detection steps include:

  • Check the installed version of the Blog Filter plugin to see if it is version 1.7.6 or earlier.
  • Use web vulnerability scanners that detect XSS vulnerabilities on your WordPress site.
  • Monitor HTTP requests and responses for suspicious script injections or unexpected HTML payloads.
  • Review user actions, especially those with Contributor or Developer privileges, for suspicious activity.
Mitigation Strategies

The primary and immediate mitigation step is to update the WordPress Blog Filter plugin to version 1.7.7 or later, where this vulnerability has been patched.

Additional mitigation measures include:

  • Apply patches or updates provided by the plugin developer as soon as possible.
  • Use auto-update features if available to ensure the plugin remains up to date.
  • Limit user privileges to reduce the risk of exploitation, especially for users with Contributor or Developer roles.
  • Monitor your website for unusual activity or signs of script injection.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart