Medium severity6.1NVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-5776
CVE-2026-5776
Description
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.4.7
- Range: <2.4.7
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)Wordfence Blog · Jun 18, 2026