MEDIUM
goback2
CVE published 2026-05-20
CVE-2026-6549
A stored cross-site scripting (XSS) vulnerability exists in the Logo Manager For Enamad WordPress plugin, affecting versions up to and including 0.7.4. The flaw resides in the 'title' attribute of three shortcodes: `vc_enamad_namad`, `vc_enamad_shamed`, and `vc_enamad_custom`. Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access or higher to injec [truncated]