CVE-2026-1795 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, found in the sivenso Address Bar Ads plugin for WordPress. This vulnerability affects all versions up to and including 1.0.0. The root cause is insufficient sanitization and escaping of user-supplied input in the URL path, which is directly reflected in web pages generated by the plugin. An unauthenticated attacker can craft a malicious URL containing arbitrary JavaScript code embedded in the path component. When a victim clicks on this URL, the injected script executes in the context of the vulnerable website, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites. The vulnerability does not require any authentication but does require user interaction (clicking a link). The CVSS v3.1 base score is 6.1, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, user interaction needed, and impact on confidentiality and integrity but not availability. No patches or fixes are currently linked, and no known exploits have been observed in the wild. The vulnerability is particularly concerning for websites using the sivenso Address Bar Ads plugin, which is designed to display ads in the browser address bar area, potentially increasing the attack surface due to dynamic content generation.

The primary impact of this vulnerability is the compromise of user confidentiality and integrity on affected WordPress sites using the sivenso Address Bar Ads plugin. Attackers can execute arbitrary scripts in the context of the vulnerable site, enabling theft of session tokens, cookies, or other sensitive information. This can lead to account takeover, unauthorized actions performed on behalf of users, or redirection to phishing or malware sites. While availability is not directly impacted, the reputational damage and potential data breaches can be significant. Organizations relying on this plugin for advertising may face loss of user trust, regulatory scrutiny, and potential financial losses. The vulnerability's exploitation requires user interaction, which may limit mass exploitation but targeted phishing campaigns could be effective. Given WordPress's widespread use globally, the scope of affected systems is substantial wherever this plugin is deployed.

1. Immediate mitigation involves disabling or removing the sivenso Address Bar Ads plugin until a vendor patch is released. 2. If removal is not feasible, implement a Web Application Firewall (WAF) with custom rules to detect and block suspicious URL patterns containing script tags or typical XSS payloads targeting the URL path. 3. Educate users and administrators about the risk of clicking untrusted links, especially those appearing to originate from the affected site. 4. Monitor web server logs for unusual URL requests that may indicate attempted exploitation. 5. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. 6. Once available, promptly apply vendor patches or updates addressing this vulnerability. 7. Conduct regular security assessments and code reviews of plugins to detect similar input validation issues. 8. Use security plugins that sanitize inputs and outputs or provide additional XSS protections within WordPress environments.