CVE-2026-4075
CVE-2026-4075 : The BWL Advanced FAQ Manager Lite WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the baf_sbox shortcode in all versions up to 1.1.1. The issue arises from insufficient input sanitization and output escaping of user-supplied shortcode attributes (e.g., sb...