CVE Catalog

CVE-2026-57337

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Landing Page Builder plugin version 1.5.3.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without requiring authentication.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or steal sensitive data, posing a risk to the organization and its customers.

Recommendation

Immediately update the Landing Page Builder plugin to the latest available version that fixes this vulnerability. Additionally, implement input filtering and output encoding for all user-supplied data.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS