MEDIUM
paulpela
CVE published 2026-05-27
CVE-2026-8048
A stored cross-site scripting (XSS) vulnerability exists in the My Email Shortcode WordPress plugin. The flaw resides in the 'subject' attribute of the 'my-email' shortcode, where insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts. These scripts execute when any user accesses a page containing the inject [truncated]