A vulnerability was found in payaddons Express Payment for Stripe Plugin up to 1.28.0 on WordPress. It has been declared as problematic . Affected is the function register_shortcode of the component Shortcode Handler . The manipulation of the argument Type results in cross site scripting. This vulnerability is known as CVE-2026-8893 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.