CVE-2026-57319
Deferred Deferred - Pending Action
Unauthenticated XSS in FOX <= 1.4.8

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57319
EUVD
EUVD-2026-39732
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack fox_plugin to 1.4.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress FOX Plugin, versions 1.4.8 and below, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means that an attacker can inject malicious scripts into the website without needing to be logged in or authenticated.

Successful exploitation requires user interaction, such as clicking a malicious link or visiting a specially crafted page. Once exploited, the attacker can inject malicious scripts like redirects or advertisements into the website.

This vulnerability is classified as medium priority with a CVSS score of 7.1 and falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts into your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other malicious actions.

Because the attack is unauthenticated, it can be exploited by anyone without needing access credentials, increasing the risk of mass exploitation.

The vulnerability requires user interaction, so users visiting your site might be tricked into executing malicious scripts, potentially compromising their data or experience.

Detection Guidance

This vulnerability is an unauthenticated Cross Site Scripting (XSS) in FOX Plugin versions 1.4.8 and below. Detection typically involves monitoring for suspicious HTTP requests containing malicious scripts or payloads targeting the vulnerable plugin endpoints.

While specific commands are not provided in the available resources, common detection methods include using web application firewalls (WAF) with rules to detect XSS payloads, inspecting web server logs for unusual query parameters or script injections, and employing vulnerability scanners that check for known XSS vulnerabilities in the FOX plugin.

Mitigation Strategies

The immediate recommended step is to update the FOX Plugin to version 1.4.9 or later, where the vulnerability has been patched.

Until the update can be applied, applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability is advised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart