Stored Cross-Site Scripting in PrintFriendly WordPress Plugin
CVE-2026-9738
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-9738?
The Print, PDF, Email by PrintFriendly plugin for WordPress has a Stored Cross-Site Scripting vulnerability stemming from inadequate sanitization and escaping of the 'content_position_css' parameter. This weakness allows attackers with administrator-level access to inject arbitrary web scripts into web pages. When a user accesses these compromised pages, the injected scripts can execute, potentially compromising user data and site integrity. All versions up to and including 5.5.10 are affected, making it crucial for users to upgrade to the latest version to mitigate this risk.
Affected Version(s)
Print, PDF & Email by PrintFriendly 0 <= 5.5.10