MEDIUM
nsthemes
CVE published 2026-05-27
CVE-2026-8707
The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the PHP_SELF variable in all versions up to and including 1.2.4. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. Successful exploitation requires user interaction, such as tricking a victim into clicki [truncated]