Description Lack of output escaping leads to a XSS vector in the multilingual associations component. Remediation References CVE-2026-21631 Related Vulnerabilities WordPress Plugin Alphabetic Pagination Security Bypass (3.0.7) TYPO3 Improper Input Validation Vulnerability (CVE-2010-5099) WordPress Plugin CWIS-Antivirus Security Scanner Unspecified Vulnerability (2.3.2) Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2026-33001) WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0) Severity Medium Classification CVE-2026-21631 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities