Description
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Published: 2026-07-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a contributor to inject arbitrary JavaScript in the Structured Content plugin, leading to Cross Site Scripting. If executed in a user’s browser it can steal session cookies, deface the site, or redirect users to malicious domains. The flaw arises from inadequate input validation of contributor content and is identified as CWE‑79.

Affected Systems

WordPress sites running the Structured Content plugin version 1.7.0 or earlier are affected. The known vendor is Gordon Böhme, and the product name is Structured Content. No further version details are supplied beyond the 1.7.0 cutoff.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. EPSS is not available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is a crafted post or content piece submitted by a contributor role that the site trusts, since the vulnerability is labeled "Contributor Cross Site Scripting."

Generated by OpenCVE AI on July 2, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Structured Content plugin to any release newer than 1.7.0
  • If an upgrade is unavailable, disable or remove the plugin until a patch is applied
  • Configure the WordPress user role system to restrict contributor permissions and enable strict content sanitization to filter out executable scripts

Generated by OpenCVE AI on July 2, 2026 at 15:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Description Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Title WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T12:40:47.096Z

Reserved: 2026-06-25T08:04:41.580Z

Link: CVE-2026-57763

cve-icon Vulnrichment

Updated: 2026-07-02T12:40:44.363Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T15:15:03Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')