CVE-2026-5306
Received
Received - Intake
Stored XSS in Check & Log Email WordPress Plugin
Vulnerability report for CVE-2026-5306, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: WPScan
Description
Description
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| check_and_log_email | check_and_log_email | to 2.0.13 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |