CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks

More information : https://wpscan.com/vulnerability/00c0b9f7-c559-463e-80ae-97d99e0ef99f/