CVE-2026-28099 PUBLISHED

WordPress UberSlider Ultra plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Assigner: Patchstack
Reserved: 25.02.2026 Published: 05.03.2026 Updated: 05.03.2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through <= 2.3.

Product Status

Vendor LambertGroup
Product UberSlider Ultra
Versions Default: unaffected
  • affected from n/a to <= 2.3 (incl.)

Credits

  • João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program finder

References

Problem Types

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE

Impacts

  • Reflected XSS