CVE Catalog

CVE-2026-57762

Medium · CVSS 5.9

Summary

The Simple URLs plugin for WordPress, versions 151 and earlier, contains a Stored Cross-Site Scripting (XSS) vulnerability. A user with author privileges can inject a malicious script that will be executed in the browser of an administrator or other user.

Risk Assessment

The risk involves potential session hijacking of an administrator, data theft, or unauthorized actions within the WordPress panel. An attacker with author privileges can exploit this vulnerability for privilege escalation or malware distribution.

Recommendation

Immediately update the Simple URLs plugin to the latest available version that fixes this vulnerability. If no update is available, consider temporarily disabling the plugin until a patch is released.

Original NVD description (English source)

Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS