Medium severity5.4NVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026
CVE-2026-5306
CVE-2026-5306
Description
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.0.13
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)Wordfence Blog · May 7, 2026