HarborGuard / CVE
Back to search
HIGHCVE-2026-28110Published Modified CNA Patchstack

CVE-2026-28110: WordPress LambertGroup - AllInOne - Banner with Playlist plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8.

Metrics

CVSS v3.1
7.1
Severity
HIGH
Fixed in
Affected Products
1
Affected packages
  • LambertGroup / LambertGroup - AllInOne - Banner with Playlist
    ≤ 3.8
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
References
CVE-2026-28110: WordPress LambertGroup - AllInOne - Banner with Playlist plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability | HarborGuard CVE