CVE-2026-8894 | vinaysankhyan iWR Tooltip Plugin up to 1.0 on WordPress Shortcode iwr_tooltip Title cross site scripting

Inserito da Angelo Barbosa | Mag 27, 2026 | CVE

A vulnerability, which was classified as problematic, was found in vinaysankhyan iWR Tooltip Plugin up to 1.0 on WordPress. Impacted is the function iwr_tooltip of the component Shortcode Handler. Executing a manipulation of the argument Title can lead to cross site scripting.

This vulnerability is registered as CVE-2026-8894. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-8894 | vinaysankhyan iWR Tooltip Plugin up to 1.0 on WordPress Shortcode iwr_tooltip Title cross site scripting

Post correlati

CVE-2024-40551 | Sanluan PublicCMS 4.0.202302.e File doUpload unrestricted upload

CVE-2023-6704 | Google Chrome prior 120.0.6099.109 libavif use after free

CVE-2024-56770 | Linux Kernel up to 6.12.5 netem qlen reference count

CVE-2025-11910 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 MemoryState.do?Action=Query query orderField sql injection