PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-39597 WPZOOM CVE debrief

CVE-2026-39597 is a HIGH-severity vulnerability in WPZOOM Addons for Elementor plugin versions <= 1.3.4. It allows unauthenticated Cross Site Scripting (XSS) attacks. The vulnerability was published on June 17, 2026, and has a CVSS score of 7.1. Users of affected versions should update to a patched version immediately. The vulnerability was reported by Patchstack. No ransomware campaigns have been linked to this vulnerability.

Vendor
WPZOOM
Product
WPZOOM Addons for Elementor
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and users of WordPress sites with the WPZOOM Addons for Elementor plugin installed, especially those with version 1.3.4 or earlier, should be aware of this vulnerability and take immediate action to update to a patched version.

Technical summary

CVE-2026-39597 is an unauthenticated Cross Site Scripting (XSS) vulnerability in the WPZOOM Addons for Elementor plugin. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The weakness is classified as CWE-79.

Defensive priority

High

Recommended defensive actions

  • Update WPZOOM Addons for Elementor plugin to a version greater than 1.3.4
  • Review and monitor WordPress site logs for suspicious activity
  • Implement a Web Application Firewall (WAF) to detect and prevent XSS attacks
  • Regularly update and patch all WordPress plugins and themes
  • Use a reputable security plugin to scan for vulnerabilities
  • Limit user privileges and access to sensitive areas of the site

Evidence notes

The vulnerability was reported by Patchstack and published on their website. The CVE record was created on June 17, 2026. The NVD detail page provides additional information about the vulnerability.

Official resources

public