Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site scripting (DOM‑based XSS)
Action: Apply patch
AI Analysis

Impact

Improper neutralization of input during web page generation causes a DOM‑based cross‑site scripting flaw in WP Custom Admin Interface. The plugin can inject arbitrary scripts into the pages it serves, permitting client‑side script execution when a user visits those pages.

Affected Systems

WP Custom Admin Interface by Northern Beaches Websites, versions 7.42 and earlier, on any WordPress site that has the plugin installed.

Risk and Exploitability

The CVSS score is 6.5, indicating medium severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web‑based; an attacker can plausibly craft a malicious URL or embed a payload that triggers the plugin’s input handling, causing script execution when an affected user accesses the page. Exploitation requires only that a user view the vulnerable page.

Generated by OpenCVE AI on March 26, 2026 at 00:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Custom Admin Interface to the newest available version (higher than 7.42) released by the vendor.
  • If an update is not yet available, disable or uninstall the plugin to remove the vulnerable code.
  • Access the WordPress admin area over HTTPS to reduce the risk of cross‑site scripting affecting administrative sessions.

Generated by OpenCVE AI on March 26, 2026 at 00:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Northern Beaches Websites
Northern Beaches Websites wp Custom Admin Interface
Wordpress
Wordpress wordpress
Vendors & Products Northern Beaches Websites
Northern Beaches Websites wp Custom Admin Interface
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42.
Title WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Northern Beaches Websites Wp Custom Admin Interface
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:13:39.615Z

Reserved: 2026-03-12T11:12:19.946Z

Link: CVE-2026-32521

cve-icon Vulnrichment

Updated: 2026-03-25T20:13:18.836Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:17:04.937

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-32521

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:25Z

Weaknesses