Email Address Encoder (Free < 1.0.25, Premium

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks

AI Analysis

Unauthenticated Stored XSS vulnerability in Email Address Encoder WordPress plugin

Basic Information

ID CVE-2026-5305

Source WPScan

Published Jun 25, 2026 at 06:00

Modified Jan 1, 1970 at 00:00

Affected Product

Vendor Unknown

Product Email Address Encoder

Affected Versions Unknown Email Address Encoder 0
Unknown email-encoder-premium 0

CWE Classification

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Unknown

Product Email Address Encoder

Version < 1.0.25, < 0.3.12

References

wpscan.com /vulnerability/bf59610b-98ba-4c05-b2fc-85c163e9a389/

{
    "lastseen": "",
    "description": "The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks",
    "published": "2026-06-25T06:00:02.068Z",
    "modified": "2026-25-25T12:39:14.030Z",
    "type": "cve",
    "title": "Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/bf59610b-98ba-4c05-b2fc-85c163e9a389/",
    "id": "CVE-2026-5305",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Email Address Encoder 0\nUnknown email-encoder-premium 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Email Address Encoder",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated Stored XSS vulnerability in Email Address Encoder WordPress plugin",
    "ai_severity": "High",
    "ai_vendor": "Unknown",
    "ai_product": "Email Address Encoder",
    "ai_version": "< 1.0.25, < 0.3.12",
    "ai_score": 8.8
}

Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS_CVE-2026-5305