Description Lack of output escaping leads to a XSS vector in the feed modules. Remediation References CVE-2026-25900 Related Vulnerabilities WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Cross-Site Scripting (1.4.9.5) OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7052) concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986) WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3) WordPress Plugin JC Coupon Cross-Site Scripting (2.5) Severity Medium Classification CVE-2026-25900 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities