CVE-2026-5070

Name of the Vulnerable Software and Affected Versions Vantage theme for WordPress versions prior to 1.20.33

Description Stored Cross-Site Scripting is possible via Gallery block text content due to insufficient output escaping in the gallery template. Authenticated attackers with contributor-level access and above can inject arbitrary web scripts into pages, which execute when a user accesses the affected page.

Recommendations Update to a version newer than 1.20.32.