CVE-2026-39642

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published May 26, 2026

Vendor unknown

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7.

References

https://patchstack.com/database/wordpress/theme/nyla/vulnerability/wordpress-nyla-theme-1-7-arbitrary-shortcode-execution-vulnerability?_s_id=cve