CVE Catalog
CVE-2026-57322
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
Unauthenticated Cross Site Scripting (XSS) vulnerability in weMail versions up to 2.1.2.
Risk Assessment
An attacker can inject malicious JavaScript code, leading to session theft, redirects, or site defacement.
Recommendation
Immediately update the weMail plugin to a version newer than 2.1.2.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

