CVE-2026-57673
Deferred Deferred - Pending Action

Unauthenticated Cross Site Scripting in Optimole

Vulnerability report for CVE-2026-57673, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
optimole optimole to 4.2.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

If exploited, this vulnerability can allow attackers to inject malicious scripts into your website, which can lead to harmful consequences such as unauthorized redirects or displaying unwanted advertisements to your visitors.

This can damage your website's reputation, degrade user experience, and potentially expose your users to further attacks.

Executive Summary

The WordPress Optimole Plugin, versions up to and including 4.2.7, is vulnerable to a Cross Site Scripting (XSS) attack. This means an attacker can inject malicious scripts into the website, which can then execute harmful actions such as redirects or displaying unwanted advertisements when visitors access the site.

The vulnerability is classified as medium priority with a CVSS score of 7.1, indicating a moderate level of danger. Exploitation requires a privileged user to perform an action like clicking a malicious link or submitting a form.

Detection Guidance

The vulnerability is related to the WordPress Optimole Plugin versions up to and including 4.2.7 and involves Cross Site Scripting (XSS). Detection typically involves identifying if the vulnerable plugin version is installed and monitoring for suspicious input or script injection attempts.

While specific commands are not provided in the resources, common detection methods include scanning the WordPress installation for the plugin version, for example by checking the plugin version via WP-CLI:

  • wp plugin list --status=active

Additionally, monitoring web server logs for unusual query parameters or script injection patterns may help detect exploitation attempts.

Mitigation Strategies

The recommended immediate mitigation step is to update the Optimole plugin to version 4.2.8 or later, which resolves the vulnerability.

Until the update can be applied, Patchstack provides a mitigation rule that can be used to block attacks targeting this vulnerability.

Users are also advised to enable auto-updates for vulnerable plugins through Patchstack to ensure timely patching.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57673. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart