A vulnerability was found in codesupplyco Canvas Plugin up to 2.5.2 on WordPress. It has been declared as problematic . This vulnerability affects unknown code. The manipulation of the argument day results in cross site scripting. This vulnerability is cataloged as CVE-2026-9629 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.