A vulnerability was found in bplugins Info Cards Plugin up to 2.0.7 on WordPress. It has been rated as problematic . This vulnerability affects the function esc_attr of the file render.php of the component URL Protocol . This manipulation of the argument btnUrl causes cross site scripting. This vulnerability appears as CVE-2026-4120 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.