Easy Updates Manager
Moderate fix1 remedy
cpe:2.3:a:easyupdatesmanager:easy_updates_manager:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 9.0.20
Easy Updates Manager Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in the Easy Updates Manager plugin for WordPress, affecting versions through 9.0.20. The issue arises from inadequate input sanitization and output escaping in the 'paged' parameter of the pagination function. This vulnerability allows attackers to inject arbitrary web scripts into pages, which could be executed when an administrator is tricked into clicking a link to the compromised page.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute scripts in the context of the user's browser.
Reproduction
To reproduce this vulnerability, an attacker can send a request to a WordPress site with the 'paged' parameter set to a value that includes the injected script. If an administrator clicks on the link with the injected 'paged' parameter, the script will execute, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to update the Easy Updates Manager plugin to version 9.0.21 or later, where this vulnerability has been patched.
Added: May 28, 2026, 8:39 AM
Updated: May 28, 2026, 8:39 AM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
5.4exploitability
7.4remediation
7.7relevance
9.6threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.