Check & Log Email < 2.0.13 - Unauthenticated Stored XSS

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled

Basic Information

ID CVE-2026-5306

Source WPScan

Published Apr 28, 2026 at 06:00

Modified Apr 28, 2026 at 14:14

Affected Product

Vendor Unknown

Product Check & Log Email

Affected Versions Unknown Check & Log Email 0

CWE Classification

References

wpscan.com /vulnerability/97908c15-6e7a-4242-8c6f-66c8b804364c/

{
    "lastseen": "",
    "description": "The Check & Log Email  WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled",
    "published": "2026-04-28T06:00:06.540Z",
    "modified": "2026-04-28T14:14:55.661Z",
    "type": "cve",
    "title": "Check & Log Email < 2.0.13 - Unauthenticated Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/97908c15-6e7a-4242-8c6f-66c8b804364c/",
    "id": "CVE-2026-5306",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Check & Log Email 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Check & Log Email",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Check & Log Email < 2.0.13 - Unauthenticated Stored XSS_CVE-2026-5306