CVE Catalog

CVE-2026-57684

Medium · CVSS 6.5

Summary

The TheFox plugin for WordPress, versions 3.9.70 and earlier, contains a cross-site scripting (XSS) vulnerability in the Contributor function. It allows an attacker to inject malicious JavaScript code into the page.

Risk Assessment

The risk involves potential session hijacking, redirection to malicious sites, or other actions in the victim's browser context, which could lead to data confidentiality and site integrity breaches.

Recommendation

Update the TheFox plugin immediately to the latest available version that fixes this vulnerability. Also review and sanitize any content submitted by contributors.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS