WordPress · Image Alt Text Manager · CVE-2026-3350
**Name of the Vulnerable Software and Affected Versions**
Image Alt Text Manager plugin for WordPress versions prior to 1.8.3
**Description**
The Image Alt Text Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of inadequate input sanitization and output escaping when creating image alt and title attributes using a DOM parser. Authenticated attackers with Author-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.
**Recommendations**
Update the Image Alt Text Manager plugin to version 1.8.3 or later.