CVE Catalog
CVE-2026-57686
HighCVSS 7.1Summary
The WowAddons plugin version 1.6.14 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
Risk Assessment
The risk includes user session hijacking, administrator account takeover, and website defacement. The attack can be performed by any visitor to the site.
Recommendation
Immediately update the WowAddons plugin to version 1.6.15 or later. If an update is not available, temporarily disable the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.

