CVE Catalog

CVE-2026-56045

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Automatic versions prior to 3.135.1.

Risk Assessment

An attacker can inject malicious JavaScript code, leading to session theft, redirects, or data theft from users.

Recommendation

Immediately update the Automatic plugin to version 3.135.1 or later.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS