CVE-2026-10531
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
The AI Share & Summarize WordPress plugin before version 2.0.4 does not sanitize and escape some shortcode attributes before outputting them on a page, allowing users with Contributor role and above to perform Stored Cross-Site Scripting attacks.
Risk Assessment
An attacker can inject malicious JavaScript code into page content, which will execute in visitors' browsers, leading to session theft, redirects, or defacement.
Recommendation
Update the AI Share & Summarize plugin to version 2.0.4 or later, which includes necessary protections against XSS attacks.
Original NVD description (English source)
The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, allowing users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

