Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through <= 5.6.5.
Published: 2025-04-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The DeBounce Email Validator plugin does not properly neutralize input during web page generation, which allows reflected cross-site scripting. This flaw permits the injection of malicious scripts into pages rendered by the plugin, so an attacker can execute arbitrary script in the browsers of visitors who view those pages. Such script could steal cookies, redirect users, or deface the site, thereby compromising the confidentiality, integrity, and availability of the affected WordPress installation.

Affected Systems

This vulnerability affects the WordPress DeBounce Email Validator plugin provided by debounce, specifically versions up to and including 5.6.5.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity; the EPSS score of less than 1% suggests a low probability of exploitation at the moment, and the vulnerability is not listed in CISA's KEV catalog. Attackers would likely exploit this reflected XSS flaw by embedding malicious script payloads into URLs or form data that the plugin echoes back to the visitor. Per the CVSS vector (AV:N/AC:L/PR:N/UI:R), the attack is delivered over the network with low complexity and no privileges, but it requires interaction from the victim.

Generated by OpenCVE AI on May 1, 2026 at 09:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the DeBounce Email Validator plugin to a version newer than 5.6.5 immediately.
  • If an update is not yet available, disable or uninstall the plugin to remove the exposed entry point until a fix is released.
  • Ensure that any input data rendered by the plugin is properly escaped or filtered so that scripts cannot be executed in the browser.

Advisories

Source: EUVD
ID: EUVD-2025-11569
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through 5.6.5.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through 5.6.5.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through <= 5.6.5.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 17 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Apr 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Reflected XSS. This issue affects DeBounce Email Validator: from n/a through 5.6.5.
Title WordPress DeBounce Email Validator plugin <= 5.6.5 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T23:58:08.833Z

Reserved: 2025-01-23T14:50:05.372Z

Link: CVE-2025-24539

Vulnrichment

Updated: 2025-04-17T15:59:28.507Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:31.300

Modified: 2026-06-17T08:59:11.707

Link: CVE-2025-24539

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T09:30:14Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')