A vulnerability marked as problematic has been reported in mcinvale Faces of Users Plugin up to 0.0.3 on WordPress. Impacted is the function facesofusers of the component Shortcode Handler . Performing a manipulation of the argument default results in cross site scripting. This vulnerability is cataloged as CVE-2026-8038 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.