A vulnerability classified as problematic was found in wclovers WCFM Marketplace Plugin up to 3.7.3 on WordPress. Affected by this vulnerability is the function innerHTML of the file /wp-json/wp/v2/media of the component Media. Such manipulation of the argument post_title leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-12126. The attack can be launched remotely. No exploit exists.