A vulnerability identified as problematic has been detected in goback2 Logo Manager for Enamad Plugin up to 0.7.4 on WordPress. This vulnerability affects the function vc_enamad_namad/vc_enamad_shamed/vc_enamad_custom of the component Shortcode Handler . This manipulation of the argument Title causes cross site scripting. This vulnerability is tracked as CVE-2026-6549 . The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.