A vulnerability classified as problematic has been found in lucascaro Wavr Plugin up to 0.2.6 on WordPress. The impacted element is the function wave of the component Shortcode Handler . The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-5506 . The attack may be initiated remotely. There is no available exploit.