A vulnerability was found in helpstring Global Body Mass Index Calculator Plugin up to 1.2 on WordPress. It has been rated as problematic . This issue affects the function GBMI_Calc_Widget::widget of the component Shortcode Handler . This manipulation of the argument args causes cross site scripting. The identification of this vulnerability is CVE-2026-8883 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.