Reflected Cross-Site Scripting in Reflector Plugin Affects User Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Reflected Cross-Site Scripting in Reflector Plugin Affects User Data

CVE-2026-24948

Summary

The Reflector plugin for Fox-Themes has a security issue that could allow hackers to inject malicious code into a website, potentially stealing user data or spreading malware. If you're using the Reflector plugin, update to the latest version to fix this issue. If you're not using it, consider disabling or removing it to minimize risk.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from ...

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/reflector-plugins/vulnerability...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026