A vulnerability, which was classified as problematic, has been found in stellarwp GiveWP Plugin up to 4.16.3 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation of the argument twitter_message leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-14987. The attack is possible to be carried out remotely. No exploit exists.