CVE-2026-1838 | prasunsen Hostel Plugin up to 1.1.6 on WordPress Shortcode shortcode_id cross site scripting

A vulnerability classified as problematic was found in prasunsen Hostel Plugin up to 1.1.6 on WordPress. Impacted is an unknown function of the component Shortcode Handler. The manipulation of the argument shortcode_id results in cross site scripting.

This vulnerability is identified as CVE-2026-1838. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More