A vulnerability, which was classified as problematic, has been found in wp-buy Visitor Traffic Real Time Statistics Plugin up to 8.4 on WordPress. Affected is an unknown function of the component Title Section. This manipulation of the argument page_title causes cross site scripting.
This vulnerability is handled as CVE-2026-2936. The attack can be initiated remotely. There is not any exploit available.
