CVE Catalog
CVE-2026-57337
HighCVSS 7.1Summary
The Landing Page Builder plugin version 1.5.3.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without requiring authentication.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or steal sensitive data, posing a risk to the organization and its customers.
Recommendation
Immediately update the Landing Page Builder plugin to the latest available version that fixes this vulnerability. Additionally, implement input filtering and output encoding for all user-supplied data.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

