CVE-2026-57617
Deferred Deferred - Pending Action

Contributor XSS in SeedProd Pro Versions Below 6.19.5

Vulnerability report for CVE-2026-57617, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
seedprod pro to 6.19.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress SeedProd Pro Plugin versions prior to 6.19.5.

It allows an attacker to inject malicious scripts into the website, which can execute when visitors access the site.

Exploitation requires a privileged user to perform an action such as clicking a malicious link or submitting a form.

Detection Guidance

This vulnerability affects the WordPress SeedProd Pro Plugin versions prior to 6.19.5. Detection involves verifying the plugin version installed on your WordPress site.

  • Check the SeedProd Pro plugin version via the WordPress admin dashboard under Plugins.
  • Use WP-CLI command to check the plugin version: wp plugin list | grep seedprod
  • Look for suspicious user actions or unexpected script injections in logs, especially from privileged users clicking links or submitting forms.
Impact Analysis

If exploited, this vulnerability could allow attackers to run malicious scripts on your website.

  • These scripts could perform redirects to malicious sites.
  • They could display unwanted advertisements.

The vulnerability has a CVSS score of 6.5, indicating a moderate risk that could be leveraged in widespread attacks targeting websites of any size or popularity.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in SeedProd Pro affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate recommended action is to update the SeedProd Pro plugin to version 6.19.5 or later, where the vulnerability is patched.

  • Apply the official patch by upgrading the plugin to version 6.19.5 or newer.
  • Enable auto-updates for the SeedProd Pro plugin if using Patchstack or similar management tools.
  • Limit privileged user actions and educate users about the risks of clicking suspicious links or submitting untrusted forms.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57617. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart