CVE-2026-1914

Name of the Vulnerable Software and Affected Versions FuseDesk plugin for WordPress versions through 6.8

Description The software contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping on the 'emailtext' attribute within the fusedesk newcase shortcode. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update to a version newer than 6.8.