A vulnerability classified as problematic was found in widgetpack Reviews Widgets for Google, Yelp & TripAdvisor Plugin up to 2.7.3. This affects the function Feed_Shortcode::fbrev of the component Shortcode Handler. The manipulation of the argument page_id results in cross site scripting.

This vulnerability was named CVE-2026-12154. The attack may be performed from remote. There is no available exploit.