CVE-2026-42643

🗓️ 29 Apr 2026 10:40:45Reported by PatchstackType

CVE-2026-42643: Stored XSS in StellarWP Image Widget plugin for WordPress up to 4.4.11.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-42643	29 Apr 202610:40	–	attackerkb
Circl	CVE-2026-42643	29 Apr 202615:26	–	circl
CNNVD	WordPress Plugin Image Widget 跨站脚本漏洞	29 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-42643 WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability	29 Apr 202610:40	–	cvelist
EUVD	EUVD-2026-26214	29 Apr 202610:40	–	euvd
NVD	CVE-2026-42643	29 Apr 202612:16	–	nvd
Positive Technologies	PT-2026-35902	29 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-42643	12 May 202614:21	–	redhatcve
Vulnrichment	CVE-2026-42643 WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability	29 Apr 202610:40	–	vulnrichment

Vulners

Node

stellarwp image_widgetRange≤4.4.11wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "image-widget",
    "product": "Image Widget",
    "vendor": "StellarWP",
    "versions": [
      {
        "changes": [
          {
            "at": "4.4.12",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.4.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/image-widget/vulnerability/wordpress-image-widget-plugin-4-4-11-cross-site-scripting-xss-vulnerability

12 May 2026 11:03Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.9

EPSS0.00036

SSVC

CWE-79