CVE-2026-4088 | wpshouter Switch CTA Box Plugin up to 1.1 on WordPress Shortcode wppw_cta_box cross site scripting

A vulnerability has been found in wpshouter Switch CTA Box Plugin up to 1.1 on WordPress and classified as problematic. Affected by this vulnerability is the function wppw_cta_box of the component Shortcode Handler. Performing a manipulation of the argument cta_box_button_link/cta_box_button_id/cta_box_button_text/cta_box_description results in cross site scripting.

This vulnerability is cataloged as CVE-2026-4088. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More