A vulnerability was found in WishSuite Plugin up to 1.5.1 on WordPress and classified as problematic. This impacts the function wishsuite_button of the component Shortcode Handler. The manipulation of the argument button_text results in cross site scripting.

This vulnerability was named CVE-2025-13838. The attack may be performed from remote. There is no available exploit.