Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Vanquish User Extra Fields allows hackers to steal user data via email
CVE-2025-67991
Summary
A security issue in Vanquish User Extra Fields plugin for WordPress allows hackers to steal sensitive user information by sending a malicious email. This affects users who have installed the plugin version 16.8 or earlier. To stay safe, update the plugin to the latest version available.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Ex...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Reflected XSS.This issue affects User Extra Fields: from n/a through <= 16.8.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026