July 4, 2026

CVE-2026–10091: Stored XSS in Email JavaScript Cloak WordPress Plugin

When a simple shortcode becomes a persistent script injection vector

By CyberPodcast

7 min read