CVE-2026-57342
Deferred Deferred - Pending Action

Subscriber XSS in ShortPixel Adaptive Images <= 3.11.3

Vulnerability report for CVE-2026-57342, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
shortpixel adaptive_images to 3.11.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress ShortPixel Adaptive Images Plugin, versions 3.11.3 and below, is vulnerable to a Cross Site Scripting (XSS) attack. This vulnerability allows malicious actors to inject harmful scripts into websites, which can execute when visitors access the site.

Exploitation requires a privileged user to perform an action, such as clicking a malicious link. The vulnerability is classified as medium priority with a CVSS score of 6.5.

Impact Analysis

This vulnerability can lead to malicious scripts executing on your website when visitors access it. Potential impacts include unwanted redirects or displaying harmful or unwanted content.

Since exploitation requires a privileged user action, it could also lead to further compromise if such users are tricked into clicking malicious links.

Detection Guidance

This vulnerability involves Cross Site Scripting (XSS) in the ShortPixel Adaptive Images WordPress plugin versions 3.11.3 and below. Detection typically involves identifying if the vulnerable plugin version is installed and monitoring for suspicious script injections or unusual behavior triggered by privileged users clicking malicious links.

Specific commands to detect this vulnerability are not provided in the available resources. However, general detection steps include checking the plugin version installed on your WordPress site and scanning for XSS payloads in user inputs or URLs related to the plugin.

Mitigation Strategies

To mitigate this vulnerability immediately, update the ShortPixel Adaptive Images plugin to version 3.11.4 or later, where the issue is patched.

Until the update can be applied, use mitigation tools such as Patchstack to block potential attacks exploiting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart