A vulnerability, which was classified as problematic , was found in brechtvds Easy Image Collage Plugin up to 1.13.6 on WordPress. The affected element is the function update_post_meta . The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-9019 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.