MEDIUM
helgatheviking
CVE published 2026-05-22
CVE-2026-7509
CVE-2026-7509 is a stored cross-site scripting vulnerability in the KIA Subtitle WordPress plugin for WordPress. According to the NVD description, the issue affects all versions up to and including 4.0.1 and can let authenticated users with Contributor-level access or higher inject script content through the plugin’s `the-subtitle` shortcode attributes.