What is CVE-2026-2277?

CVE-2026-2277 is a medium-severity vulnerability in Larsdrasmussen Rexcrawler, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-03-21.

How severe is CVE-2026-2277?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Larsdrasmussen Rexcrawler

CVE-2026-2277

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (31.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Larsdrasmussen Rexcrawler — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.wordfence.com/threat-intel/vulnerabilities/id/2a17f466-bc4b-4668-8ff9-e8b31…
plugins.trac.wordpress.org/browser/rexcrawler/trunk/admin_regex_test.php
plugins.trac.wordpress.org/browser/rexcrawler/tags/1.0.15/admin_regex_test.php
plugins.trac.wordpress.org/browser/rexcrawler/trunk/admin_regex_test.php
plugins.trac.wordpress.org/browser/rexcrawler/tags/1.0.15/admin_regex_test.php

Frequently asked questions

What is CVE-2026-2277?: CVE-2026-2277 is a medium-severity vulnerability in Larsdrasmussen Rexcrawler, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-03-21.
How severe is CVE-2026-2277?: Medium severity. CVSS v3 base score is 6.1 out of 10.