A vulnerability classified as problematic was found in Passeum Ticketing Plugin up to 1.0 on WordPress. The affected element is the function get_shop_url of the component Setting Handler . The manipulation of the argument shop_name results in cross site scripting. This vulnerability was named CVE-2026-7421 . The attack may be performed from remote. There is no available exploit.