CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...