A vulnerability classified as problematic was found in websoudan MW WP Form Plugin up to 5.1.3 on WordPress. This issue affects the function update_post_meta . Executing a manipulation of the argument memo can lead to cross site scripting. This vulnerability is tracked as CVE-2026-8853 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.