CVE-2026-5305 | The Email Address Encoder WordPress plugin before 1.0.25, em…

Description

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks

Metadata

CVE ID: CVE-2026-5305
State: PUBLISHED
Assigner: WPScan
Reserved: 2026-04-01 08:24 UTC
Published: 2026-06-25 06:00 UTC
Last updated: 2026-06-25 06:00 UTC
Vendor / Product: Unknown / Email Address Encoder
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Unknown	Email Address Encoder	—	0 < 1.0.25
Unknown	email-encoder-premium	—	0 < 0.3.12

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-79 Cross-Site Scripting (XSS)

References (1)

https://wpscan.com/vulnerability/bf59610b-98ba-4c05-b2fc-85c163e9a389/