CVE-2026-5505

Name of the Vulnerable Software and Affected Versions WP-Clippy versions prior to 1.0.1

Description The WP-Clippy plugin for WordPress contains a stored cross-site scripting issue. This occurs because of insufficient input sanitization and output escaping on user-supplied attributes within the clippy shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.

Recommendations Update to a version later than 1.0.0.