CVE-2026-1295 | Buy Now Plus Plugin up to 1.0.2 on WordPress Shortcode cross site scripting
A vulnerability described as problematic has been identified in Buy Now Plus Plugin up to 1.0.2 on WordPress. This impacts an unknown function of the component Shortcode Handler. The manipulation results in cross site scripting.
This vulnerability is known as CVE-2026-1295. It is possible to launch the attack remotely. No exploit is available.