Cross-site Scripting Vulnerability in ZAYTECH Smart Online Order for Clover
CVE-2026-42738

7.1 HIGH

Key Information:

Vendor: WordPress

CVE Published: 27 May 2026

What is CVE-2026-42738?

ZAYTECH Smart Online Order for Clover contains a stored cross-site scripting (XSS) vulnerability. Input is improperly neutralized during page generation, which enables an attacker to inject malicious scripts. Affected versions are those up to and including 1.6.0. The vulnerability can lead to unauthorized access to and manipulation of user data, so affected systems should be remediated immediately.

Affected Version(s)

Smart Online Order for Clover 0 <= 1.6.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

she11f | Patchstack Bug Bounty Program