PublishPress Post Expirator allows hackers to inject malicious code into web pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

PublishPress Post Expirator allows hackers to inject malicious code into web pages

CVE-2026-39482

Summary

A security flaw in PublishPress Post Expirator allows hackers to inject malicious code into web pages, potentially allowing them to steal data or take control of your website. This affects all versions of Post Expirator up to 4.9.4. To fix this issue, update to the latest version of Post Expirator as soon as possible.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirat...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/post-expirator/vulnerability/wo...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026