CVE-2026-57417
Received Received - Intake

Stored XSS in Cart Lift WordPress Plugin

Vulnerability report for CVE-2026-57417, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3.1.57.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rextheme cart_lift From 3.0.0 (inc) to 3.1.57 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57417 is a Cross Site Scripting (XSS) vulnerability found in the WordPress Cart Lift Plugin versions 3.1.57 and below.

This vulnerability occurs due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts that execute when users visit the affected site.

Exploitation typically requires user interaction, such as clicking a malicious link or visiting a crafted page, and often involves a privileged user.

Impact Analysis

Successful exploitation of this vulnerability can lead to attackers injecting malicious scripts into the website.

  • Execution of malicious redirects or advertisements on the site.
  • Potential compromise of user data and site integrity.
  • Moderate severity with a CVSS score of 7.1, indicating a significant risk especially in mass exploitation campaigns.
Mitigation Strategies

To mitigate the vulnerability in the WordPress Cart Lift Plugin (versions 3.1.57 and below), the immediate recommended step is to update the plugin to version 3.1.58 or later.

Until the update can be applied, Patchstack has provided a mitigation rule that can be used to block attacks targeting this vulnerability.

If you are unable to update immediately, seek assistance from your hosting provider or a developer to apply the mitigation rule or other protective measures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57417. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart