A vulnerability classified as problematic has been found in andrewabarber Extra Settings for RocketChat Plugin up to 0.1 on WordPress. The impacted element is the function rxstg_shortcode of the component Setting Handler . The manipulation of the argument Title leads to cross site scripting. This vulnerability is documented as CVE-2026-8841 . The attack can be initiated remotely. There is not any exploit available.