CyberRota
← Ana sayfaya dön

CVE-2026-8089

HIGH · CVSS 7.1 EPSS %0.21

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-17T13:21:21.917 · Çekilme zamanı: 2026-06-30T12:25:15.666904+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir.

CVE
CVE-2026-8089
Severity
HIGH
CVSS
7.1
EPSS
%0.21
WordPress

Orijinal NVD Açıklaması

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.