{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24558", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-23T12:31:51.716Z", "datePublished": "2026-01-23T14:28:54.415Z", "dateUpdated": "2026-04-28T16:14:49.328Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "abg-rich-pins", "product": "ABG Rich Pins", "vendor": "antoniobg", "versions": [{"lessThanOrEqual": "1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "johska | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:55.621Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.<p>This issue affects ABG Rich Pins: from n/a through <= 1.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:49.328Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/abg-rich-pins/vulnerability/wordpress-abg-rich-pins-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T21:06:12.414518Z", "id": "CVE-2026-24558", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:24:25.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24558", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T21:06:12.414518Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T21:06:09.701Z"}}], "cna": {"title": "WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "johska | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "antoniobg", "product": "ABG Rich Pins", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1"}], "packageName": "abg-rich-pins", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:55.621Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/abg-rich-pins/vulnerability/wordpress-abg-rich-pins-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.<p>This issue affects ABG Rich Pins: from n/a through <= 1.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:06.110Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24558", "state": "PUBLISHED", "dateUpdated": "2026-04-28T14:24:25.023Z", "dateReserved": "2026-01-23T12:31:51.716Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-23T14:28:54.415Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') en antoniobg ABG Rich Pins abg-rich-pins permite XSS Almacenado. Este problema afecta a ABG Rich Pins: desde n/d hasta &lt;= 1.1."}], "id": "CVE-2026-24558", "lastModified": "2026-04-28T15:16:13.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-23T15:16:13.043", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/abg-rich-pins/vulnerability/wordpress-abg-rich-pins-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T17:51:56.623439+00:00", "value": {"mitigation_remediation": ["Update the ABG Rich Pins plugin to any version newer than 1.1, if available.", "If an update is not immediately available, disable or uninstall the plugin to eliminate the risk until a patch can be applied.", "Apply a site\u2011wide content sanitization policy or use a WordPress security plugin that escapes or strips disallowed script tags to reduce the impact of stored XSS."], "summary": {"action": "Apply Patch", "impact": "Stored Cross Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "WordPress installations that have installed the ABG Rich Pins plugin from the antoniobg vendor and are running version 1.1 or earlier are affected. The issue exists in all releases from the first public version up to and including 1.1; no sub\u2011version list is provided.", "description_and_impact": "The ABG Rich Pins WordPress plugin suffers from an improper neutralization of input during web page generation, which allows a stored cross\u2011site scripting flaw. When inappropriate content is stored by the plugin, it is later rendered in pages viewed by visitors, giving an attacker the ability to execute malicious scripts in the browsers of site users. This can lead to phishing, credential theft, or site defacement and compromises the confidentiality, integrity, and availability of content for site visitors. The vulnerability is a classic input validation issue catalogued as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.5 indicates medium severity. The EPSS score is less than 1\u202f%, indicating a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, and no public exploits are documented. The likely attack vector requires a user with permission to add or edit content through the plugin\u2019s interface, after which a malicious payload is stored and subsequently served to visitors."}}}}, "created": "2026-01-26T11:52:44.725836+00:00", "updated": "2026-04-28T18:00:14.084119+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}