CVE Catalog
CVE-2026-57617
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
The SeedProd Pro plugin versions prior to 6.19.5 contain a Cross Site Scripting (XSS) vulnerability in the contributor function. It allows an attacker to inject malicious JavaScript code into pages generated by the plugin.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect them to malicious sites, or perform other actions in their context, potentially leading to data confidentiality and integrity breaches.
Recommendation
Immediately update the SeedProd Pro plugin to version 6.19.5 or later, which fixes this vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

