MEDIUM
ektorcaba
CVE published 2026-05-27
CVE-2026-8837
A stored cross-site scripting (XSS) vulnerability exists in the WP Iframe Geo Style for Amazon affiliates WordPress plugin. The flaw resides in the 'adid' shortcode attribute, where insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. These scripts execute when any user accesses a page containing the inje [truncated]