MEDIUM
celloexpressions
CVE published 2026-05-27
CVE-2026-8873
A stored cross-site scripting (XSS) vulnerability exists in the Content Slideshow WordPress plugin, affecting all versions up to and including 2.4.1. The flaw stems from insufficient input sanitization and output escaping within shortcode attributes. Attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which execute when users access the injected content. The vuln [truncated]