CVE-2026-4920 | jeremyshapiro Next Date Plugin up to 1.0 on WordPress Shortcode default cross site scripting

A vulnerability marked as problematic has been reported in jeremyshapiro Next Date Plugin up to 1.0 on WordPress. This affects an unknown part of the component Shortcode Handler. This manipulation of the argument default causes cross site scripting.

This vulnerability is tracked as CVE-2026-4920. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More