CVE-2026-4022

Name of the Vulnerable Software and Affected Versions Show Posts list – Easy designs, filters and more plugin for WordPress versions through 1.1.0

Description The Show Posts list plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to inadequate input sanitization and output escaping of user-supplied attributes, specifically within the post type shortcode attribute of the swiftpost-list shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will then execute when a user accesses the compromised page.

Recommendations Versions prior to and including 1.1.0 should be updated.