A vulnerability, which was classified as problematic , has been found in wpcodefactory Cost of Goods Plugin up to 4.1.0 on WordPress. Affected is the function alg_wc_cog_product_cost of the component Shortcode Handler . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-6962 . The attack may be initiated remotely. There is no available exploit.