cleantalk
Vulnerabilities and Security Researches

Check & Log Email, CVE-2026-5306

CVE, Research URL

CVE-2026-5306

Home page URL

Security reports for Check & Log Email

Application

Check & Log Email

Published on
Apr 28, 2026
Research Description
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled
Affected versions
max 2.0.13.
Status
vulnerable
Previous vulnerability researches
SERPed.net (CVE-2025-24669) , Jan 26, 2025
SERPed.net (CVE-2025-28998) , Jul 02, 2025
SERPed.net (CVE-2025-32651) , Apr 18, 2025
New vulnerability
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-42652) , Apr 30, 2026
WP Meteor Website Speed Optimization Addon (CVE-2026-2902) , Apr 30, 2026
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026