CVE-2026-8038 | mcinvale Faces of Users Plugin up to 0.0.3 on WordPress Shortcode facesofusers default cross site scripting

May 20, 2026 Yanac

A vulnerability marked as problematic has been reported in mcinvale Faces of Users Plugin up to 0.0.3 on WordPress. Impacted is the function facesofusers of the component Shortcode Handler. Performing a manipulation of the argument default results in cross site scripting.

This vulnerability is cataloged as CVE-2026-8038. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More