CVE-2026-1915

Name of the Vulnerable Software and Affected Versions Simple Plyr plugin for WordPress versions prior to 0.0.2

Description The Simple Plyr plugin for WordPress is susceptible to Stored Cross-Site Scripting through the poster parameter within the 'plyr' shortcode. Insufficient input sanitization and output escaping of user-supplied attributes allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the affected page.

Recommendations Update the Simple Plyr plugin to version 0.0.2 or later.