CVE-2026-6910 Bookero.pl <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...