Product
The Breakdance plugin for WordPress, in versions up to and including 2.7.1, is susceptible to CVE-2026-7543, a Stored Cross-Site Scripting (XSS) vulnerability via the 'fields' parameter, enabling unauthenticated attackers to inject arbitrary web scripts that execute when users access affected pages, potentially leading to session hijacking, data theft, or defacement.