WordPress Easy Prism Syntax Highlighter <= 1.0.2 Authenticated Stored XSS via Shortcode Attributes (CVE-2026-8875)

Vulnerability Overview Vulnerability Name: Easy Prism Syntax Highlighter <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE ID: CVE-2026-8875 CVSS Score: 6.4 (Medium) Publication Date: May 26, 2026 Last Updated: May 27, 2026 Researcher: Gilang - DJ Impact Scope Software Type: Plugin Software Name: easy-prism-syntax-highlighter Affected Versions: <= 1.0.2 Remediation Patch Status: No known patch available Recommendations: Thoroughly review the vulnerability details and implement mitigation measures based on your organization's risk tolerance. It may be necessary to uninstall the affected software and seek alternative solutions. Vulnerability Description The Easy Prism Syntax Highlighter plugin, in version 1.0.2 and below, contains a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability arises from insufficient input sanitization and output escaping of user-supplied attributes within the plugin's and shortcodes. Attackers can exploit this flaw to inject arbitrary web scripts, which are executed when users visit pages containing these scripts. References plugins.trac.wordpress.org plugins.trac.wordpress.org Sharing Options Facebook Twitter LinkedIn Email Additional Information Business Hours: 9am-6pm ET, 6am-5pm PT, and 2pm-1am UTC/GMT (excluding weekends and holidays) Response Time: 24-hour support for customers receiving 24-hour service, with a 1-hour response time, 365 days a year Copyright Information Copyright: © 2012-2026 Defiant Inc. All Rights Reserved License: Used under the terms of the Defiant Inc. license Contact Technical Support: support@wordfence.com Other Links Terms of Service Privacy Policy and Notice at Collection Do Not Sell or Share My Personal Information Social Media Facebook Twitter LinkedIn Instagram Subscription Subscription Form: Enter email address to subscribe for news and updates Other Resources Wordfence Free Wordfence Premium Wordfence Care Wordfence Response Wordfence CLI Wordfence Intelligence Wordfence Central Support Documentation Learning Center Free Support Premium Support News Blog In The News Vulnerability Advisories About About Wordfence Affiliate Program Employment Contact Security CVE Request Form Stay Updated Subscription Form: Enter email address to subscribe for news and updates Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified without permission. Other Disclaimer: The content included on this page is copyrighted and may not be copied, distributed, or modified

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Easy Prism Syntax Highlighter <= 1.0.2 Authenticated Stored XSS via Shortcode Attributes (CVE-2026-8875)

More from this source