CVE-2026-57319
Deferred Deferred - Pending Action

Unauthenticated XSS in FOX <= 1.4.8

Vulnerability report for CVE-2026-57319, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack fox_plugin to 1.4.8 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress FOX Plugin, versions 1.4.8 and below, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means that an attacker can inject malicious scripts into the website without needing to be logged in or authenticated.

Successful exploitation requires user interaction, such as clicking a malicious link or visiting a specially crafted page. Once exploited, the attacker can inject malicious scripts like redirects or advertisements into the website.

This vulnerability is classified as medium priority with a CVSS score of 7.1 and falls under the OWASP Top 10 category A3: Injection.

Detection Guidance

This vulnerability is an unauthenticated Cross Site Scripting (XSS) in FOX Plugin versions 1.4.8 and below. Detection typically involves monitoring for suspicious HTTP requests containing malicious scripts or payloads targeting the vulnerable plugin endpoints.

While specific commands are not provided in the available resources, common detection methods include using web application firewalls (WAF) with rules to detect XSS payloads, inspecting web server logs for unusual query parameters or script injections, and employing vulnerability scanners that check for known XSS vulnerabilities in the FOX plugin.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other malicious actions.

Because the attack is unauthenticated, it can be exploited by anyone without needing access credentials, increasing the risk of mass exploitation.

The vulnerability requires user interaction, so users visiting your site might be tricked into executing malicious scripts, potentially compromising their data or experience.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in FOX Plugin versions 1.4.8 and below directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate recommended step is to update the FOX Plugin to version 1.4.9 or later, where the vulnerability has been patched.

Until the update can be applied, applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability is advised.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart