A vulnerability labeled as problematic has been found in robin-w bbp Style Pack Plugin up to 6.4.5 on WordPress. Affected is the function
bsp_topic_fields_form_save/bsp_topic_content_append_topic_fields of the component Topic Form Additional Fields Feature. The manipulation of the argument bsp_topic_fields_label{n} results in cross site scripting.
This vulnerability is reported as CVE-2026-15010. The attack can be launched remotely. No exploit exists.