CVE Catalog

CVE-2026-4322

MediumCVSS 6.1
Published: Translated: NVD NIST

Summary

The Destekz plugin from Raera - Ankara Web Design and Digital Advertising Agency contains a reflected XSS vulnerability due to improper input neutralization during page generation. This affects versions up to 02062026, and the product is no longer supported by the vendor.

Risk Assessment

An attacker can inject a malicious script into the page, potentially leading to session theft, redirects to malicious sites, or theft of sensitive data.

Recommendation

Immediately disable or remove the Destekz plugin as it is no longer supported and will not receive security patches. Consider replacing it with an alternative, actively maintained solution.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS