CVE Catalog

CVE-2026-57686

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The WowAddons plugin version 1.6.14 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

Risk Assessment

The risk includes user session hijacking, administrator account takeover, and website defacement. The attack can be performed by any visitor to the site.

Recommendation

Immediately update the WowAddons plugin to version 1.6.15 or later. If an update is not available, temporarily disable the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS