PT-2026-26829 · WordPress · Rexcrawler
San6051
·
Published
2026-03-21
·
Updated
2026-03-21
·
CVE-2026-2277
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
rexCrawler plugin for WordPress versions prior to 1.0.16
Description
The rexCrawler plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the
url and regex parameters within the search-pattern tester page. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. Successful exploitation requires tricking an administrator into performing an action, such as clicking a malicious link. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled.Recommendations
Update the rexCrawler plugin to version 1.0.16 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rexcrawler