MEDIUM
cryptoprijzen
CVE published 2026-05-27
CVE-2026-8698
A stored cross-site scripting (XSS) vulnerability exists in the Cryptocurrency Prijsvergelijking Widget plugin for WordPress, version 1.0. The flaw resides in the `as_get_coin_shortcode()` function, which fails to escape the 'width' and 'height' shortcode attributes before rendering them within the style attribute of an iframe element. An attacker with contributor-level access or higher can inject malicio [truncated]
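A hardened shortcode handler for the pattern described above, as an added example that is not the plugin's code: the function names, the `example_coin` tag, the `coin` attribute and the example.com URL are hypothetical. It validates `width` and `height` against an allowlist of CSS lengths and escapes the style value at output.

```php
<?php
// Added example: hypothetical handler, not the plugin's own code.

/**
 * Accept only a plain CSS length (number plus optional unit).
 * Anything else is discarded in favour of the default.
 */
function example_css_length( $value, $default ) {
    $value = trim( (string) $value );
    if ( preg_match( '/^(\d{1,4}(?:\.\d{1,2})?)(px|%|em|rem|vw|vh)?$/D', $value, $m ) ) {
        // A bare number is treated as pixels.
        return $m[1] . ( isset( $m[2] ) ? $m[2] : 'px' );
    }
    return $default;
}

function example_coin_shortcode( $atts ) {
    // Drop unknown attributes and fill in defaults.
    $atts = shortcode_atts(
        array(
            'coin'   => 'bitcoin', // hypothetical attribute
            'width'  => '100%',
            'height' => '400px',
        ),
        $atts,
        'example_coin'
    );

    // Validate contributor-supplied dimensions before they reach the markup.
    $width  = example_css_length( $atts['width'], '100%' );
    $height = example_css_length( $atts['height'], '400px' );

    // Placeholder widget URL; the real endpoint is not given on this page.
    $src = add_query_arg( 'coin', sanitize_key( $atts['coin'] ), 'https://example.com/widget' );

    // Escape at output as well, so the attribute stays intact even if
    // the validation above is later loosened.
    return sprintf(
        '<iframe src="%s" style="%s" loading="lazy"></iframe>',
        esc_url( $src ),
        esc_attr( sprintf( 'width:%s;height:%s;border:0;', $width, $height ) )
    );
}
add_shortcode( 'example_coin', 'example_coin_shortcode' );
```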