A vulnerability, which was classified as problematic , was found in helgatheviking KIA Subtitle Plugin up to 4.0.1 on WordPress. This affects the function before of the component Shortcode Handler . Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-7509 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.