MEDIUM
codycave
CVE published 2026-05-27
CVE-2026-8703
CVE-2026-8703 is a stored cross-site scripting (XSS) vulnerability in the Endless Scroll plugin for WordPress, affecting all versions up to and including 1.0.0. The flaw stems from insufficient input sanitization and output escaping within shortcode attributes, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts execute wheneve [truncated]