A vulnerability, which was classified as problematic , was found in raja3c Tiled Gallery Carousel without JetPack Plugin up to 3.1 on WordPress. This affects an unknown part. The manipulation of the argument data-image-title results in cross site scripting. This vulnerability was named CVE-2026-5191 . The attack may be performed from remote. There is no available exploit.