Published: April 28, 2026 | Last Modified: April 28, 2026
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.