CVE-2026-53737

MEDIUM WAF: High

CVSS 6.1 Published: 2026-06-10

CWE-79

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

wordpress.org
www.vulncheck.com

Back to CVE Database