Cross Site Scripting Vulnerability in Simple URLs by WordPress
CVE-2026-57762

5.9MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57762?

The Simple URLs plugin for WordPress, up to version 1.5.1, contains a Cross Site Scripting (XSS) vulnerability that could allow unauthorized users to inject malicious scripts into web pages. This flaw poses a significant risk as it may be exploited to execute arbitrary JavaScript in the context of users visiting affected sites, potentially compromising user data and site integrity. Administrators are urged to apply available patches and updates to mitigate this security risk.

Affected Version(s)

Simple URLs <= 151

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jitlada | Patchstack Bug Bounty Program
.