MEDIUM
kevin1804
CVE published 2026-05-27
CVE-2026-8844
A stored cross-site scripting (XSS) vulnerability in the Responsive Check WordPress plugin allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts via the 'rspcheck' shortcode. The flaw exists in versions up to and including 0.0.3 due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes within the rspc_check_sh [truncated]