CVE-2026-8048

Name of the Vulnerable Software and Affected Versions My Email Shortcode versions prior to 0.92

Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping within the subject attribute of the 'my-email' shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.

Recommendations Update the plugin to a version later than 0.91.