MEDIUM
cuamckuy
CVE published 2026-05-27
CVE-2026-8875
A stored cross-site scripting (XSS) vulnerability exists in the Easy Prism Syntax Highlighter WordPress plugin, affecting versions up to and including 1.0.2. The flaw resides in the plugin's shortcode handler function, where user-supplied positional attributes are concatenated directly into HTML class attributes without proper sanitization or escaping. Specifically, the 'code' and 'c' shortcodes accept a [truncated]