CVE Catalog
CVE-2026-57618
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
Cross Site Scripting (XSS) vulnerability in Neve PRO versions up to 3.1.2 inclusive. The flaw allows an attacker to inject malicious JavaScript code into the page, potentially leading to session theft or user redirection.
Risk Assessment
The risk involves the execution of scripts in the victim's browser, which may result in theft of credentials, session hijacking, or display of fake content.
Recommendation
It is recommended to immediately update the Neve PRO plugin to a version later than 3.1.2, which includes a fix for the vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

