CVE-2026-5305
Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks
| Vendor | unknown |
| Product | email address encoder |
| Published | Jun 25, 2026 |
| Last Updated | Jun 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown email address encoder
Be the first to know when new high vulnerabilities affecting unknown email address encoder are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Email Address Encoder
0 < 1.0.25
Unknown / email-encoder-premium
0 < 0.3.12
References
Credits
Matthew Rollings WPScan