A vulnerability was found in tstachl WordPress PayPal Donation Plugin up to 1.01 on WordPress. It has been rated as problematic . This vulnerability affects the function wordpress_paypal_donation_create of the component Shortcode Handler . The manipulation of the argument amount/email/title/return_url/cancel_url/ccode/image leads to cross site scripting. This vulnerability is traded as CVE-2026-4072 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the af