Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

Description

A vulnerability, which was classified as problematic, has been found in Optimole Plugin up to 4.2.3 on WordPress. This impacts the function get_current_url. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-5226. It is possible to initiate the attack remotely.

Affected Products

Vendor	Product	Versions
optimole	optimole – optimize images in real time	0

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-5226 | Optimole Plugin up to 4.2.3 on WordPress get_current_url cross site scripting

→ No new info (linked only)

CVSS 3.16.1 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 11, 2026

Last enriched4h agov2

Trending Score47

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History