CVE-2026-5306

Name of the Vulnerable Software and Affected Versions Check & Log Email WordPress plugin versions prior to 2.0.13

Description Improper handling of email replacement allows unauthenticated users to perform Stored Cross-Site Scripting (XSS) attacks when the email encoder setting is enabled. Stored XSS occurs when a malicious script is permanently stored on the target server, which is then served to other users.

Recommendations Update the plugin to version 2.0.13 or later.