CVE Catalog

CVE-2026-57618

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Cross Site Scripting (XSS) vulnerability in Neve PRO versions up to 3.1.2 inclusive. The flaw allows an attacker to inject malicious JavaScript code into the page, potentially leading to session theft or user redirection.

Risk Assessment

The risk involves the execution of scripts in the victim's browser, which may result in theft of credentials, session hijacking, or display of fake content.

Recommendation

It is recommended to immediately update the Neve PRO plugin to a version later than 3.1.2, which includes a fix for the vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS