CVE Catalog
CVE-2026-42663
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile - higher than 6% of all known CVEs
Summary
There is an unauthenticated Cross Site Scripting (XSS) vulnerability in Simple Membership versions <= 4.7.2. An attacker can exploit this flaw to inject malicious scripts.
Risk Assessment
This vulnerability may lead to user data theft and session hijacking, posing a serious security risk to the application.
Recommendation
It is recommended to upgrade to the latest version of Simple Membership to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

