Pending AI Enrichment

This vulnerability was recently detected via the live feed and has not yet been processed by Precogs AI's context enrichment engine. The data below represents raw telemetric data.

RAW NVD TELEMETRY

CVE-2026-5226

CVSS Base Score

6.1 MEDIUM

Primary Weakness

CWE-79

Published Date

Apr 11, 2026

Data Source

NVD API

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Related Vulnerabilitiesvia CWE-79

View all CWE-79 vulnerabilities →

Explore Precogs Intelligence

●The Vulnerability Hub ●AI-Generated Code Exploits ●Enterprise Security Guides ●OWASP Top 10 Taxonomy

Is your system affected?

Precogs AI detects CVE-2026-5226 in compiled binaries, LLMs, and application layers — even without source code access.

Request Deep Analysis Book a demo