Overview of CVE-2026-3569
A stored Cross-Site Scripting vulnerability affects Liaison Site Prober. This flaw has a CVSS score of 5.3. It allows attackers to inject malicious scripts. These scripts execute in the browser of every visitor. The scripts become part of the website permanently.
The plugin does not sanitize user input properly. It stores unsafe data in the database. When the page loads, the script executes automatically. No user interaction is required for the attack to work.
Technical Details
The vulnerability exists in the plugin’s site probing feature. This feature collects and displays data from user submissions. The plugin fails to escape HTML and JavaScript content. Attackers can submit malicious payloads through input fields.
The CVSS vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The attack is network-based with low complexity. It requires some user interaction for initial injection. But the stored payload affects all future visitors automatically.
Stored XSS is more dangerous than reflected XSS. The malicious code lives on the server. Every page load triggers the attack. The damage continues until someone removes the malicious content.
Impact on Your Site
Attackers can steal user session cookies. They can redirect visitors to phishing sites. They can deface your website with malicious content. They can also perform actions as the logged-in user.
This vulnerability affects all site visitors. Your customers, clients, and team members are at risk. The attack can spread malware to your visitors. This damages your reputation and trust.
Stored XSS can also target WordPress administrators. If an admin views the infected page, the attacker gains admin access. This leads to complete site compromise. The attacker can install backdoors or delete content.
How to Fix It
Update the Liaison Site Prober plugin immediately. The vendor has released a security patch. Go to your WordPress dashboard and check for updates. Install the update without delay.
If you cannot update right away, disable the plugin. This prevents any exploitation until you patch. You can also use a web application firewall. It can block XSS payloads before they reach your site.
Scan your site for existing XSS injections. Use a security plugin to check your database. Remove any malicious content you find. Change all admin passwords as a precaution.
Conclusion
CVE-2026-3569 is a stored XSS vulnerability in Liaison Site Prober. The CVSS score of 5.3 indicates medium severity. Stored XSS attacks are dangerous and persistent. They affect every visitor to your site.
Apply the security update as soon as possible. Do not leave your site vulnerable to script injection. Regular updates are essential for WordPress security. Stay protected by keeping everything current.
What Is Liaison Site Prober?
Liaison Site Prober is a WordPress monitoring and site health plugin. It checks your site’s uptime, performance metrics, and security status. Web agencies and site administrators use it to monitor multiple WordPress sites from a single dashboard.
The plugin collects performance data and displays it in the admin area. A stored XSS vulnerability in this context means an attacker can inject scripts that execute in the monitoring dashboard.
CVE-2026-3569 Explained
CVE-2026-3569 is a stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to sanitize certain data before storing it in the database. When an admin views the monitoring dashboard, the injected script executes in their browser.
With CVSS score 6.4 (Medium), an authenticated attacker needs at least subscriber-level access. Once exploited, they can steal admin session cookies, modify dashboard content, or redirect admins to malicious pages.
For a monitoring plugin, this is especially dangerous. The dashboard is designed to be checked regularly by site administrators. Every time an admin views the dashboard, the attacker’s script runs again. This gives the attacker repeated opportunities to steal credentials or perform actions as the admin.
Affected Versions and Fix
Versions below 1.4.0 are affected. Version 1.4.0 adds proper input sanitization and output escaping.
Update Liaison Site Prober from your WordPress plugins page. After updating, clear your browser cache and log out all users. Change admin passwords as a precaution.
The Liaison Site Prober plugin is available on wordpress.org/plugins/liaison-site-prober/.