Stored Cross-Site Scripting in PrintFriendly WordPress Plugin
CVE-2026-9738

4.4MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
11 July 2026

What is CVE-2026-9738?

The Print, PDF, Email by PrintFriendly plugin for WordPress has a Stored Cross-Site Scripting vulnerability stemming from inadequate sanitization and escaping of the 'content_position_css' parameter. This weakness allows attackers with administrator-level access to inject arbitrary web scripts into web pages. When a user accesses these compromised pages, the injected scripts can execute, potentially compromising user data and site integrity. All versions up to and including 5.5.10 are affected, making it crucial for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Print, PDF & Email by PrintFriendly 0 <= 5.5.10

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI
.