CVE-2026-57656
Deferred Deferred - Pending Action
Author Cross Site Scripting in Hester Core

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57656
EUVD
EUVD-2026-39771
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack hester_core to 1.1.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-57656 is a Cross Site Scripting (XSS) vulnerability found in the WordPress Hester Core Plugin versions 1.1.8 and below.

This vulnerability allows attackers to inject malicious scripts into the website, which execute when visitors access the site.

Exploitation requires user interaction, such as clicking a malicious link or submitting a form.

The issue has been fixed in version 1.1.9 of the plugin.

Impact Analysis

This vulnerability can lead to the execution of malicious scripts on your website when users interact with crafted inputs.

Potential impacts include theft of user data, session hijacking, defacement of the website, or redirection to malicious sites.

Since exploitation requires user interaction, the risk depends on users clicking malicious links or submitting harmful forms.

The vulnerability has a moderate severity with a CVSS score of 5.9.

Detection Guidance

This vulnerability affects the WordPress Hester Core Plugin versions 1.1.8 and below and is a Cross Site Scripting (XSS) issue. Detection involves identifying if the vulnerable plugin version is installed on your WordPress site.

You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on the server hosting WordPress.

  • Use WP-CLI to check the plugin version: wp plugin list | grep hester-core
  • Manually inspect the plugin's readme or main plugin file for the version number, e.g., cat wp-content/plugins/hester-core/readme.txt | grep "Stable tag"

Additionally, monitoring web traffic for suspicious script injections or unusual user interactions involving the plugin could help detect exploitation attempts, but no specific detection commands are provided.

Mitigation Strategies

The primary mitigation step is to update the Hester Core Plugin to version 1.1.9 or later, where the vulnerability has been patched.

If immediate updating is not possible, consider disabling the plugin temporarily to prevent exploitation.

Enabling auto-updates for the plugin can help ensure that future vulnerabilities are patched promptly.

Since the vulnerability requires user interaction, educating users to avoid clicking suspicious links or submitting untrusted forms can reduce risk.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in Hester Core versions 1.1.8 and below affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57656. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart