Cross-site Scripting Vulnerability in PublishPress Post Expirator Plugin
CVE-2026-39482

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Post Expirator
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39482?

A Cross-site Scripting vulnerability exists in the PublishPress Post Expirator plugin for WordPress, allowing attackers to inject malicious scripts into web pages. This vulnerability arises from the improper handling of input during web page generation, specifically enabling DOM-based XSS. Users are advised to update to the latest version to mitigate potential exploitation.

Affected Version(s)

Post Expirator 0 <= 4.9.4

References

https://patchstack.com/database/Wordpress/Plugin/post-exp...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

timomangcut | Patchstack Bug Bounty Program

CVE-2026-39482 Data

JSON