A vulnerability described as problematic has been identified in 2winfactor Presto Player Plugin up to 4.2.0 on WordPress. Affected by this issue is the function getOverlays of the component presto-dynamic-overlay-ui Web . The manipulation of the argument link_url results in cross site scripting. This vulnerability is identified as CVE-2026-9125 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.