PatchSiren cyber security CVE debrief
CVE-2026-48876 Web Guy CVE debrief
CVE-2026-48876 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in the Stop Spammers plugin, affecting versions up to and including 2026.3. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-48876).
- Vendor
- Web Guy
- Product
- Stop Spammers
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Stop Spammers plugin, particularly those using versions up to and including 2026.3, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is an Unauthenticated Cross Site Scripting (XSS) issue in the Stop Spammers plugin. It has been assigned a CVSS score of 7.1 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of the Stop Spammers plugin if available.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/stop-spammer-registrations-plugin/vulnerability/wordpress-stop-spammers-plugin-2026-3-cross-site-scripting-xss-vulnerability?_s_id=cve) for mitigation or
- vendor reference.
Evidence notes
Evidence for this CVE comes from Patchstack, as noted in the [source-item](https://services.nvd.nist.gov/rest/json/cves/2.0?lastModStartDate=2026-06-15T18%3A45%3A52.000Z&lastModEndDate=2026-06-16T08%3A00%3A58.000Z).
Official resources
-
CVE-2026-48876 CVE record
CVE.org
-
CVE-2026-48876 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48876 was published on 2026-06-15T21:17:17.023Z and last modified on 2026-06-15T21:24:32.790Z.