VYPR
Medium severity6.1NVD Advisory· Published May 20, 2026· Updated May 20, 2026

CVE-2026-5776

CVE-2026-5776

Description

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1