MEDIUM
yehudah
CVE published 2026-05-27
CVE-2026-8040
A stored cross-site scripting (XSS) vulnerability exists in the FAQ Shortcode plugin for WordPress. The flaw resides in the 'color' attribute of the 'faq' shortcode, where insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts. These scripts execute when any user accesses a page containing the injected short [truncated]