A vulnerability, which was classified as problematic, was found in parorrey JSON API User Plugin up to 4.1.0 on WordPress. Affected is the function
post_comment of the component JSON API. The manipulation of the argument content results in cross site scripting.
This vulnerability is identified as CVE-2026-9626. The attack can be executed remotely. There is not any exploit available.