MEDIUM
samiullah-kaifi
CVE published 2026-05-27
CVE-2026-8845
## Summary

Stored Cross-Site Scripting (XSS) vulnerability in the Islamic Database WordPress plugin, affecting versions up to and including 1.0. The flaw resides in the `islamicDB-roqya` shortcode handler (`islamicDB_sc_quran_qari_roqya()`), where user-supplied `width` and `height` attributes are concatenated directly into HTML iframe attributes without adequate sanitization or output escaping. This allow [truncated]
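
A shortcode handler that validates and escapes `width` and `height` before they reach the iframe markup, as an added example that is not the plugin's code or its patch. The function names, shortcode tag, default sizes and iframe URL are hypothetical, and the code assumes it is loaded inside WordPress.

```php
<?php
// Added illustration with hypothetical names; not the Islamic Database plugin's code.
// Assumes a WordPress environment (shortcode_atts, esc_url, esc_attr, add_shortcode).

/**
 * Allow-list validation for an iframe dimension: 1-4 digits, optionally
 * followed by "%". Anything else is replaced by the default.
 */
function example_iframe_dimension( $value, $default ) {
    $value = trim( (string) $value );
    if ( preg_match( '/\A\d{1,4}%?\z/', $value ) ) {
        return $value;
    }
    return $default;
}

function example_roqya_embed_shortcode( $atts ) {
    $atts = shortcode_atts(
        array(
            'width'  => '100%',
            'height' => '300',
        ),
        $atts,
        'example-roqya-embed'
    );

    // Weak pattern of the kind the summary describes: raw attribute values
    // concatenated into markup, so a quote in the value ends the attribute.
    //   '<iframe width="' . $atts['width'] . '" height="' . $atts['height'] . '">'

    // Hardened: validate against the allow-list, then escape at output.
    $width  = example_iframe_dimension( $atts['width'], '100%' );
    $height = example_iframe_dimension( $atts['height'], '300' );
    $src    = 'https://player.example.invalid/embed'; // placeholder URL

    return sprintf(
        '<iframe src="%s" width="%s" height="%s" loading="lazy"></iframe>',
        esc_url( $src ),
        esc_attr( $width ),
        esc_attr( $height )
    );
}
add_shortcode( 'example-roqya-embed', 'example_roqya_embed_shortcode' );
```

Validation and escaping are both kept: the allow-list rejects values that are not dimensions, and `esc_attr()` ensures that whatever reaches the attribute cannot close it.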