CVE-2026-24620 is a stored Cross-site Scripting (XSS) vulnerability found in the PluginOps Landing Page Builder plugin, specifically in the page-builder-add component. This vulnerability results from improper neutralization of user input during the generation of web pages, allowing malicious scripts to be stored and later executed in the context of users visiting the affected pages. The affected versions include all versions up to and including 1.5.3.3. The vulnerability requires an attacker to have high privileges (PR:H) and user interaction (UI:R) to exploit, such as tricking an authenticated user into triggering the malicious payload. The CVSS 3.1 base score is 5.9, indicating medium severity, with attack vector being network (AV:N), low attack complexity (AC:L), and a scope change (S:C) meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality, integrity, and availability at a low level. Stored XSS can lead to session hijacking, defacement, or redirection to malicious sites, potentially compromising user data or site integrity. No public exploits are known at this time, but the vulnerability remains a risk for websites using this plugin, especially those with privileged users who can inject malicious content. The lack of available patches at the time of publication necessitates immediate mitigation steps to reduce risk.

For European organizations, this vulnerability can lead to unauthorized script execution within the context of trusted users, potentially exposing sensitive information, enabling session hijacking, or allowing attackers to manipulate site content. Marketing and e-commerce websites using the PluginOps Landing Page Builder are particularly at risk, as attackers could exploit this to deface pages or redirect customers to fraudulent sites, damaging brand reputation and customer trust. The medium severity score reflects moderate risk, but the requirement for high privileges and user interaction limits the attack surface somewhat. However, organizations with multiple administrators or editors using this plugin are vulnerable to insider threats or social engineering attacks. The impact on availability is low but could include temporary disruption if malicious scripts cause errors or crashes. Given the widespread use of WordPress plugins in Europe, especially in countries with large digital economies, the threat could affect a significant number of organizations if left unmitigated.

1. Monitor PluginOps official channels for patches and apply updates promptly once available. 2. Restrict access to the plugin’s administrative interfaces to trusted users only, minimizing the number of users with high privileges. 3. Implement strict Content Security Policies (CSP) to limit the execution of unauthorized scripts on affected web pages. 4. Conduct regular security audits and input validation reviews for all user-generated content within the plugin. 5. Employ Web Application Firewalls (WAFs) configured to detect and block XSS payloads targeting the plugin. 6. Educate privileged users about social engineering risks and the importance of cautious interaction with suspicious content. 7. Use security plugins that can detect and sanitize stored XSS attempts in WordPress environments. 8. Monitor logs for unusual activity related to the plugin, such as unexpected content changes or script injections.