PT-2026-33253 · WordPress · Codecolorer

Chawabhon Netisingha · Published 2026-04-16 · Updated 2026-04-16 · CVE-2026-4032

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CodeColorer versions prior to 0.10.2

Description

The CodeColorer plugin for WordPress contains a Stored Cross-Site Scripting issue. It is caused by insufficient input sanitization and output escaping of the class parameter of the 'cc' comment shortcode. Unauthenticated attackers can inject arbitrary web scripts into pages, which execute when a user accesses the affected page. Exploitation is possible if comments are enabled on the target post and guest comments are permitted.

Recommendations

Update to a version later than 0.10.1.
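
The weakness class described above (a shortcode attribute written into a class="..." attribute without validation or escaping), shown next to a hardened form. This is an added example, not CodeColorer's source code or its actual patch; the function names and the sample input are hypothetical. It uses only plain PHP so it runs outside WordPress; inside a plugin, WordPress core's sanitize_html_class() and esc_attr() fill the same two roles.

```php
<?php
// Added illustration with hypothetical helper names; not CodeColorer's code.

// Vulnerable pattern: the attribute value is concatenated into markup as-is.
function render_block_unsafe(array $atts, string $code): string {
    $class = (string) ($atts['class'] ?? '');
    return '<div class="codeblock ' . $class . '">'
         . htmlspecialchars($code, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Input validation: reduce the value to a list of plain CSS class tokens.
function sanitize_class_list(string $raw): string {
    $tokens = preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
    $clean  = [];
    foreach ($tokens as $token) {
        // Drop every character that is not valid in a simple class name.
        $token = preg_replace('/[^A-Za-z0-9_-]/', '', $token);
        if ($token !== '') {
            $clean[] = $token;
        }
    }
    return implode(' ', $clean);
}

// Hardened pattern: validate on input, then escape again at the output sink.
function render_block_safe(array $atts, string $code): string {
    $class = trim('codeblock ' . sanitize_class_list((string) ($atts['class'] ?? '')));
    return '<div class="' . htmlspecialchars($class, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($code, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Constructed input: a double quote that tries to close the attribute early
// and append a second, harmless marker attribute.
$atts = ['class' => 'php" data-injected="1'];

echo render_block_unsafe($atts, 'echo 1;'), PHP_EOL; // marker becomes its own attribute
echo render_block_safe($atts, 'echo 1;'), PHP_EOL;   // value stays inside class=""
```

Comparing the two output lines shows whether a quote in the class value can leave the attribute; the same comparison works as a regression check on any shortcode handler that accepts attributes from comment text.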

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-4032

Affected Products

Codecolorer