MEDIUM
golzarrahman
CVE published 2026-05-27
CVE-2026-8701
The GNTT Post Title Ticker plugin for WordPress version 1.0 contains a stored cross-site scripting (XSS) vulnerability affecting three shortcodes: `title-ticker-slide`, `title-ticker-fade`, and `title-ticker-typing`. The vulnerability stems from insufficient input sanitization and output escaping on multiple shortcode attributes—including `border`, `width`, `height`, `header_background`, `header_text_colo [truncated]