CVE Catalog

CVE-2026-42663

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in Simple Membership versions <= 4.7.2. An attacker can exploit this flaw to inject malicious scripts.

Risk Assessment

This vulnerability may lead to user data theft and session hijacking, posing a serious security risk to the application.

Recommendation

It is recommended to upgrade to the latest version of Simple Membership to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS