MEDIUM
garber
CVE published 2026-05-27
CVE-2026-8702
## Summary Stored Cross-Site Scripting (XSS) vulnerability in the GBI To Print WordPress plugin version 1.0, allowing authenticated contributors and above to inject arbitrary JavaScript via the 'div' shortcode attribute. ## Technical Details The vulnerability exists in the `gbi_toprint_shortcode()` function, which fails to apply `esc_attr()` or equivalent sanitization when outputting the 'div' shortcode a [truncated]