WordPress Prismatic plugin <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability

Unauthenticated Stored Cross-Site Scripting via 'prismaticencoded' Pseudo-Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Prismatic versions = 3.7.3...

CVE-2026-3876

The CVE-2026-3876 entry describes a Stored XSS in the Prismatic plugin for WordPress, affecting all versions up to 3.7.3. Root cause: insufficient input sanitization and output escaping in the prismatic_decode function for the prismatic_encoded pseudo-shortcode, enabling unauthenticated attackers...