CVE-2026-23807
Published: 25 March 2026
Summary
CVE-2026-23807 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires identification, reporting, and correction of system flaws, directly enabling patching of the reflected XSS vulnerability in the WP Telegram Widget plugin up to version 2.2.13.
SI-15 mandates filtering of information outputs during web page generation, preventing malicious script injection that causes reflected XSS.
SI-10 enforces validation of information inputs, addressing improper neutralization of inputs from malicious URLs that trigger reflected XSS.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Reflected XSS in public-facing WordPress plugin directly enables exploitation of a web application vulnerability over the network.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS. This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.
Deeper analysis
CVE-2026-23807 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling reflected cross-site scripting (XSS) as classified under CWE-79. It affects the WP Telegram Widget and Join Link WordPress plugin (wptelegram-widget) in all versions up to and including 2.2.13. The issue was published on 2026-03-25 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
The vulnerability is exploitable remotely over the network with low attack complexity and no privileges, but it requires user interaction: a victim must follow a crafted URL whose attacker-controlled parameter is reflected into the generated page. The Scope metric is Changed because the vulnerable component (the plugin running on the WordPress server) differs from the impacted component (the victim's browser). The rated impacts on confidentiality, integrity, and availability are each Low, corresponding to arbitrary script execution in the context of the targeted user's session on the affected site, with the consequences bounded by what that user can do there.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/wptelegram-widget/vulnerability/wordpress-wp-telegram-widget-and-join-link-plugin-2-2-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve details the vulnerability in the plugin up to version 2.2.13, recommending mitigation through updating to a patched version where available or applying other vendor-recommended defenses against reflected XSS.
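To make the CWE-79 pattern and the SI-10 / SI-15 controls above concrete, the following PHP is an illustration added to this page; it is not code from the WP Telegram Widget and Join Link plugin, from WP Socio, or from Patchstack, and the `channel` request parameter, the widget markup and the username rule it validates against are assumptions. It shows a reflection sink that echoes a request parameter unescaped, then the same sink with input validation (SI-10) and output encoding for the HTML context (SI-15). In WordPress the encoding step is normally esc_attr(), esc_html() and esc_url(); plain htmlspecialchars() is used here so the script runs under the php CLI without WordPress loaded.

```php
<?php
declare(strict_types=1);

// Added example for CWE-79 (reflected XSS). Hypothetical widget code, not the
// plugin's own: the "channel" parameter and the markup are assumptions.

// Vulnerable pattern: the request parameter is concatenated straight into the
// page. A URL such as ?channel="><script>...</script> lands unescaped in the HTML.
function render_widget_vulnerable(string $channel): string
{
    return '<a class="tg-widget" href="https://t.me/' . $channel . '">'
        . $channel . '</a>';
}

// SI-10, input validation: accept only the shape the application expects.
// Assumed rule: 5 to 32 characters from [A-Za-z0-9_]; anything else is rejected.
function validate_channel(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_]{5,32}\z/', $raw) === 1 ? $raw : null;
}

// SI-15, output filtering: encode for the HTML context at the point of output,
// independently of validation. WordPress equivalents: esc_attr() for attribute
// values, esc_html() for text nodes, esc_url() for href/src values.
function escape_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_widget_hardened(string $raw): string
{
    $channel = validate_channel($raw);
    if ($channel === null) {
        // Reject rather than "clean" unexpected input; do not echo the raw value.
        return '<p class="tg-widget-error">Invalid channel name.</p>';
    }
    $safe = escape_for_html($channel);
    return '<a class="tg-widget" href="https://t.me/' . $safe . '">'
        . $safe . '</a>';
}

// Constructed sample inputs: a benign channel name and a reflected-XSS payload.
$benign  = 'example_channel';
$payload = '"><img src=x onerror=alert(document.cookie)>';

echo "Vulnerable, benign:  " . render_widget_vulnerable($benign) . PHP_EOL;
echo "Vulnerable, payload: " . render_widget_vulnerable($payload) . PHP_EOL;
echo "Hardened, benign:    " . render_widget_hardened($benign) . PHP_EOL;
echo "Hardened, payload:   " . render_widget_hardened($payload) . PHP_EOL;
// Defence in depth: even if validation were relaxed, encoding alone turns the
// payload's quote and angle brackets into entities, so no element is injected.
echo "Escaped only:        " . escape_for_html($payload) . PHP_EOL;
```

Run it with `php example.php`. The vulnerable renderer emits the payload's `<img ... onerror=...>` as live markup, while the hardened renderer rejects it at validation; the final line shows that the encoder on its own would also have neutralised it. The two controls are deliberately kept separate: validation limits what reaches the application, and encoding protects the specific output context, which is why both SI-10 and SI-15 are listed as mitigations rather than one or the other.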
Details
- CWE(s)