A vulnerability was found in WPZOOM Portfolio Plugin up to 1.4.21 on WordPress. It has been declared as problematic . Impacted is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-49069 . The attack can be executed remotely. There is not any exploit available.