MEDIUM
bradyholt
CVE published 2026-05-27
CVE-2026-8866
The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'googleslides' shortcode in all versions up to and including 1.3. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes (userid, albumid, authkey, imgmax, maxresults, random, caption, albumlink, time, and fadespeed) within the googleslides_handler() [truncated]
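A triage check for sites that ran an affected version, as an added example that is not the plugin's code or part of the advisory: it scans stored post content for `googleslides` shortcodes and reports any of the attributes named above whose value contains characters that would break out of an HTML or inline-script context if echoed unescaped. Assumptions: the post IDs and contents are constructed samples, the function name `audit_post` is hypothetical, and the regexes are a simplified stand-in for WordPress's own shortcode parser.

```python
import re

# Attribute names listed in the advisory for the 'googleslides' shortcode.
ADVISORY_ATTRS = {
    "userid", "albumid", "authkey", "imgmax", "maxresults",
    "random", "caption", "albumlink", "time", "fadespeed",
}

# [googleslides ...] tags (simplified: a ']' inside a value ends the match).
SHORTCODE_RE = re.compile(r"\[googleslides\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=value
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Characters that need escaping when a value lands in HTML attributes or inline JS.
UNSAFE_RE = re.compile(r"""[<>"'`\\]""")


def audit_post(post_id, content):
    """Return (post_id, attribute, value) for every advisory attribute
    whose stored value contains a character from UNSAFE_RE."""
    findings = []
    for tag in SHORTCODE_RE.finditer(content):
        for m in ATTR_RE.finditer(tag.group(1)):
            name = m.group(1).lower()
            # Exactly one of the three value groups matched; it may be "".
            value = next(g for g in m.groups()[1:] if g is not None)
            if name in ADVISORY_ATTRS and UNSAFE_RE.search(value):
                findings.append((post_id, name, value))
    return findings


# Constructed sample data standing in for rows of wp_posts.post_content.
SAMPLE_POSTS = {
    101: 'Holiday photos [googleslides userid="12345" albumid="67890" time="5000"]',
    102: '[googleslides userid="12345" caption="x\'<y" fadespeed=400]',
    103: "No shortcode here, just text with <b>markup</b>.",
}


def audit_all(posts):
    """Run audit_post over a {post_id: content} mapping."""
    results = []
    for post_id, content in sorted(posts.items()):
        results.extend(audit_post(post_id, content))
    return results


if __name__ == "__main__":
    for post_id, name, value in audit_all(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has suspicious value {value!r}")
```

Flagged posts are candidates for manual review and for checking which account authored the revision; a clean result does not replace updating or removing the plugin.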