Stored Cross-Site Scripting Vulnerability in Experto Dashboard for WooCommerce Plugin
CVE-2026-3574

4.4MEDIUM

Key Information:

Vendor: WordPress
Status: Experto Dashboard For WooCommerce
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-3574?

The Experto Dashboard for WooCommerce plugin for WordPress is susceptible to stored cross-site scripting attacks through its settings fields. Due to inadequate input sanitization and missing output escaping, authenticated users with Administrator-level access can inject malicious scripts into the plugin's settings. This vulnerability particularly affects multi-site installations and those with unfiltered_html disabled, leading to potential exposure whenever the settings page is accessed.

Affected Version(s)

Experto Dashboard for WooCommerce 0 <= 1.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/experto-custom...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Muhammad Nur Ibnu Hubab

CVE-2026-3574 Data

JSON