{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3574", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-04T21:32:51.658Z", "datePublished": "2026-04-09T02:25:06.330Z", "dateUpdated": "2026-04-09T14:53:30.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-09T02:25:06.330Z"}, "affected": [{"vendor": "uxdexperts", "product": "Experto Dashboard for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight') in all versions up to and including 1.0.4. This is due to insufficient input sanitization (no sanitize callback in register_setting()) and missing output escaping (no esc_attr() in the field_callback() printf output) on user-supplied values. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a070f19e-9f65-499d-87c0-65be12d4be84?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L361"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L361"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L312"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L312"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3491768%40experto-custom-dashboard&new=3491768%40experto-custom-dashboard"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "timeline": [{"time": "2026-03-26T19:52:31.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-04-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:53:21.657778Z", "id": "CVE-2026-3574", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:53:30.166Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3574", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:53:21.657778Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:53:26.463Z"}}], "cna": {"title": "Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "uxdexperts", "product": "Experto Dashboard for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-26T19:52:31.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-04-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a070f19e-9f65-499d-87c0-65be12d4be84?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L361"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L361"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L312"}, {"url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L312"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3491768%40experto-custom-dashboard&new=3491768%40experto-custom-dashboard"}], "descriptions": [{"lang": "en", "value": "The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight') in all versions up to and including 1.0.4. This is due to insufficient input sanitization (no sanitize callback in register_setting()) and missing output escaping (no esc_attr() in the field_callback() printf output) on user-supplied values. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-09T02:25:06.330Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3574", "state": "PUBLISHED", "dateUpdated": "2026-04-09T14:53:30.166Z", "dateReserved": "2026-03-04T21:32:51.658Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-04-09T02:25:06.330Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight') in all versions up to and including 1.0.4. This is due to insufficient input sanitization (no sanitize callback in register_setting()) and missing output escaping (no esc_attr() in the field_callback() printf output) on user-supplied values. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in the plugin settings page that will execute whenever a user accesses the settings page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "id": "CVE-2026-3574", "lastModified": "2026-04-09T04:17:10.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-09T04:17:10.990", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L312"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/tags/1.0.1/admin/class-ewc-admin.php#L361"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L312"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/experto-custom-dashboard/trunk/admin/class-ewc-admin.php#L361"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3491768%40experto-custom-dashboard&new=3491768%40experto-custom-dashboard"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a070f19e-9f65-499d-87c0-65be12d4be84?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Experto Dashboard for WooCommerce", "source": "cna", "vendor": "uxdexperts"}, "product": "experto_dashboard_for_woocommerce", "vendor": "uxdexperts"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-09T04:21:57.868084+00:00", "value": {"mitigation_remediation": ["Upgrade the Experto Dashboard for WooCommerce plugin to the latest version that removes the vulnerable settings handling.", "If an upgrade cannot be performed immediately, limit access to the Settings page by removing or restricting the editor privileges for roles other than the site administrator.", "Consider disabling the multi\u2011site feature or enabling the unfiltered_html capability only for trusted users while the plugin is pending a patch.", "Perform a security review of all other plugins and theme settings to ensure similar unsanitized inputs are not present."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is the Experto Dashboard for WooCommerce plugin by uxdexperts, available for WordPress installations. All releases up to and including version 1.0.4 are vulnerable. The issue manifests only in multi\u2011site WordPress environments where the unfiltered_html capability is disabled, and the attacker must have permission to edit plugin settings.", "description_and_impact": "The vulnerability resides in the Settings page of the Experto Dashboard for WooCommerce plugin where certain fields such as \u2018Navigation Font Size\u2019, \u2018Navigation Font Weight\u2019, \u2018Heading Font Size\u2019, \u2018Heading Font Weight\u2019, \u2018Text Font Size\u2019, and \u2018Text Font Weight\u2019 are stored without sanitization or escaping. This permits an authenticated user with Administrator or higher privileges to embed arbitrary JavaScript that will run for any user who visits the Settings page, enabling the attacker to perform actions such as phishing, cookie theft, or defacement.", "risk_and_exploitability": "The CVSS score of 4.4 places the severity in the moderate range, and because the exploit requires authenticated access it is less likely to be abused broadly. No EPSS score is available and the vulnerability is not currently listed in the CISA KEV catalog, which suggests limited public exploitation. Nevertheless the impact of an attacker executing arbitrary code for other site users remains significant, and the issue can be leveraged to compromise the entire WordPress installation if additional weaknesses exist."}}}}, "created": "2026-04-09T08:15:45.129346+00:00", "updated": "2026-04-09T08:25:11.736865+00:00", "vendors": ["uxdexperts", "uxdexperts$PRODUCT$experto_dashboard_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}