Pending AI Enrichment

This vulnerability was recently detected via the live feed and has not yet been processed by Precogs AI's context enrichment engine. The data below represents raw telemetric data.

RAW NVD TELEMETRY

CVE-2026-5742

CVSS Base Score

6.4 MEDIUM

Primary Weakness

CWE-79

Published Date

Apr 9, 2026

Data Source

NVD API

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts that will execute whenever a user accesses a page containing the affected badge widget.

Related Vulnerabilitiesvia CWE-79

View all CWE-79 vulnerabilities →

Explore Precogs Intelligence

●The Vulnerability Hub ●AI-Generated Code Exploits ●Enterprise Security Guides ●OWASP Top 10 Taxonomy