MEDIUM
vincentastolfi
CVE published 2026-05-27
CVE-2026-8897
## Summary

Stored Cross-Site Scripting (XSS) vulnerability in the Shortcode Buddy WordPress plugin, affecting versions up to and including 0.1.9.5. The flaw stems from insufficient input sanitization and output escaping within shortcode attributes, allowing authenticated attackers with contributor-level privileges or higher to inject persistent JavaScript payloads. These payloads execute when any user acc [truncated]