Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting
Description
The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2 product records, neither with a CPE identifier, both with version range <2.26:
- (no CPE) range: <2.26
- (no CPE) range: <2.26
Patches
Vulnerability mechanics
Root cause
"Missing output escaping on the style attribute of the cool_tag_cloud shortcode allows stored XSS."
Attack vector
An attacker with a role as low as Contributor can save a post containing a `cool_tag_cloud` shortcode whose `style` attribute carries a crafted value. Because the plugin writes that value into an HTML attribute without escaping, a double quote in the value terminates the `style` attribute and whatever follows (for example an `onmouseover` event handler, or a closing `>` and a new element) becomes live markup. Shortcodes are expanded at render time, after WordPress's content filtering for low-privilege users has run, so the payload persists in the database and executes in the browser of anyone who renders the post: site visitors once it is published, and the Editors or Administrators who preview a Contributor's pending post before that [ref_id=1]. The attack requires only the ability to create or edit posts containing shortcodes.
Affected code
The vulnerability is in the `cool_tag_cloud` shortcode handler of the Cool Tag Cloud WordPress plugin. The handler emits the shortcode's `style` attribute into its output markup without passing it through an attribute-context escaper, so a value containing a double quote breaks out of the attribute and arbitrary HTML attributes or tags can be injected.
What the fix does
The advisory states the vulnerability is fixed in version 2.26 of the Cool Tag Cloud plugin [ref_id=1]. The expected fix is to escape the `style` value for its HTML attribute context (in WordPress, `esc_attr()` or a CSS allow-list such as `safecss_filter_attr()`) before output, which prevents the attribute breakout and hence the injection of event handlers or new elements. No patch diff is provided in the bundle, so this is an inference from the advisory text, not a confirmed description of the change.
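To make the mechanics above concrete, the following is an added illustration written for this page, not code taken from the Cool Tag Cloud plugin or from its fix commit (no diff is available here). It reconstructs the vulnerable pattern the advisory describes, a shortcode handler that concatenates an unescaped `style` attribute into an HTML tag, next to a hardened handler. The function names (`ctc_demo_*`), the `cool-tag-cloud` class and the shortcode tag `cool_tag_cloud_demo` are hypothetical; `add_shortcode()`, `shortcode_atts()`, `esc_attr()` and `safecss_filter_attr()` are real WordPress core functions and the code assumes it is loaded inside a WordPress runtime.

```php
<?php
/*
 * Added example, not the plugin's own code. Reconstructs the unescaped
 * `style` attribute pattern from the advisory and shows a hardened form.
 * Assumes WordPress core is loaded (add_shortcode, shortcode_atts,
 * esc_attr, safecss_filter_attr). Names prefixed ctc_demo_ are hypothetical.
 */

/*
 * Vulnerable pattern: the attacker-controlled `style` value is concatenated
 * straight into an HTML attribute. A Contributor who saves
 *
 *     [cool_tag_cloud_demo style='" onmouseover="alert(document.cookie)']
 *
 * gets the following rendered for every viewer of the post:
 *
 *     <div class="cool-tag-cloud" style="" onmouseover="alert(document.cookie)"></div>
 *
 * The double quote inside the value closes the style attribute, and the rest
 * of the value is parsed as a new attribute on the same element.
 */
function ctc_demo_vulnerable_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'style' => '' ), $atts, 'cool_tag_cloud_demo' );
    return '<div class="cool-tag-cloud" style="' . $atts['style'] . '"></div>';
}

/*
 * Hardened pattern, two layers:
 *  1. safecss_filter_attr() reduces the value to a list of CSS declarations
 *     WordPress considers safe (unknown properties, url() and expression()
 *     are dropped), which narrows what a Contributor can style at all;
 *  2. esc_attr() then encodes quotes and angle brackets for the attribute
 *     context, so the value can no longer terminate the attribute or the tag.
 * Layer 2 alone is what closes the breakout; layer 1 is defence in depth.
 * When nothing survives filtering, the attribute is omitted entirely rather
 * than emitted empty.
 */
function ctc_demo_hardened_shortcode( $atts ) {
    $atts  = shortcode_atts( array( 'style' => '' ), $atts, 'cool_tag_cloud_demo' );
    $style = safecss_filter_attr( $atts['style'] );

    $style_attr = ( $style !== '' ) ? ' style="' . esc_attr( $style ) . '"' : '';

    return '<div class="cool-tag-cloud"' . $style_attr . '></div>';
}

// Register only the hardened handler; the vulnerable one is kept for comparison.
add_shortcode( 'cool_tag_cloud_demo', 'ctc_demo_hardened_shortcode' );
```

Against the payload shown in the comment, the hardened handler emits `<div class="cool-tag-cloud"></div>` because `safecss_filter_attr()` discards a value that is not a `property: value` declaration list; a benign value such as `color: red` is preserved and would be emitted as `style="color: red"`. When triaging an affected site, checking existing content for stored payloads is worthwhile in addition to updating the plugin, since the fix changes rendering but does not remove shortcodes a Contributor already saved: a query over `post_content` for the string `[cool_tag_cloud` followed by a `style=` attribute whose value contains a quote or `on` prefix is a practical starting point.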
Preconditions
- auth: Attacker must have a WordPress user role of Contributor or higher to create or edit posts containing shortcodes
- config: The Cool Tag Cloud plugin must be installed and active at a version prior to 2.26
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. https://wpscan.com/vulnerability/7dfdd50d-77f9-4f0a-8673-8f033c0b0e05 (MITRE, x_refsource_MISC)