CVE-2026-4075 | xenioushk BWL Advanced FAQ Manager Lite Plugin up to 1.1.1 on WordPress Shortcode esc_attr cross site scripting

A vulnerability was found in xenioushk BWL Advanced FAQ Manager Lite Plugin up to 1.1.1 on WordPress. It has been rated as problematic. This impacts the function esc_attr of the component Shortcode Handler. The manipulation of the argument sbox_id/sbox_class/placeholder/highlight_color/highlight_bg/cont_ext_class leads to cross site scripting.

This vulnerability is traded as CVE-2026-4075. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More