Description

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks

Weaknesses

  • — CWE-79 Cross-Site Scripting (XSS)

Affected products

VendorProductVersions
UnknownEmail Address Encoder0 to <1.0.25
Unknownemail-encoder-premium0 to <0.3.12

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.