A vulnerability was found in jhdscript ZeM STL Plugin up to 1.0 on WordPress. It has been classified as problematic . This affects the function esc_attr of the component Shortcode Handler . This manipulation of the argument url/color/bgcolor causes cross site scripting. This vulnerability is tracked as CVE-2026-4081 . The attack is possible to be carried out remotely. No exploit exists.