CVE-2026-10024 | 360crest TinyMCE Shortcode Addon Plugin up to 1.0.0 on WordPress btnrel cross site scripting
A vulnerability was found in 360crest TinyMCE Shortcode Addon Plugin up to 1.0.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation of the argument btnrel leads to cross site scripting.
This vulnerability is referenced as CVE-2026-10024. Remote exploitation of the attack is possible. No exploit is available.