CVE Catalog
CVE-2026-57684
Medium (CVSS 6.5)
Summary
The TheFox plugin for WordPress versions 3.9.70 and earlier contains a Cross-Site Scripting (XSS) vulnerability in the Contributor function. It allows an attacker to inject malicious JavaScript code into the page.
Risk Assessment
The risk involves potential session hijacking, redirection to malicious sites, or other actions in the victim's browser context, which could lead to data confidentiality and site integrity breaches.
Recommendation
It is recommended to immediately update the TheFox plugin to the latest available version that fixes this vulnerability. Also review and sanitize any content submitted by contributors.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.

