CVE-2026-10077
CVE-2026-10077 affects the YOOtheme Pro WordPress theme prior to 5.0.35. The bundled front-end UIkit framework fails to prevent certain HTML attributes, allowed by wp_kses_post(), from being treated as markup. This enables Stored XSS by users with the Author role, affecting any viewer of the comp...