CVE-2026-4665 | shapedplugin WP Carousel Free Plugin up to 2.7.10 on WordPress Fancybox fancybox-config.js wp_kses_post cross site scripting

A vulnerability, which was classified as problematic, has been found in shapedplugin WP Carousel Free Plugin up to 2.7.10 on WordPress. This vulnerability affects the function wp_kses_post of the file fancybox-config.js of the component Fancybox Handler. Performing a manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2026-4665. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More