MEDIUM
neilmccutcheon
CVE published 2026-05-27
CVE-2026-8884
A stored cross-site scripting (XSS) vulnerability exists in the Instant-Quote.co Quotation Page WordPress plugin, affecting versions up to and including 1.3.4. The flaw stems from insufficient input sanitization and output escaping within shortcode attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which execute when any user accesses t [truncated]