CVE-2026-4067
CVE-2026-4067: The Ad Short WordPress plugin (≤ v2.0.1) is vulnerable to Stored XSS via the ad shortcode’s client attribute due to insufficient input sanitization and missing escaping when constructing the data-ad-client attribute. The ad_func() handler reads the client attribute with shortcode_a...