CVE Catalog

CVE-2026-10531

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

The AI Share & Summarize WordPress plugin before version 2.0.4 does not sanitize and escape some shortcode attributes before outputting them on a page, allowing users with Contributor role and above to perform Stored Cross-Site Scripting attacks.

Risk Assessment

An attacker can inject malicious JavaScript code into page content, which will execute in visitors' browsers, leading to session theft, redirects, or defacement.

Recommendation

Update the AI Share & Summarize plugin to version 2.0.4 or later, which includes necessary protections against XSS attacks.

Original NVD description (English source)

The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, allowing users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS