4 matches found
CVE-2026-8894
The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iwrtooltip shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the iwrtooltip shortcode handler — the...
CVE-2026-8894
The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iwrtooltip shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the iwrtooltip shortcode handler — the...
CVE-2026-8894
The CVE-2026-8894 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin iWR Tooltip (versions up to 1.0). The flaw arises from insufficient input sanitization and output escaping in the iwr_tooltip() shortcode handler, where the title attribute is concatenated direct...
PT-2026-43528
The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iwrtooltip shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the iwr tooltip shortcode handler — the...