CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection.

This issue affects Nyla: from n/a through 1.7.

More information : https://patchstack.com/database/wordpress/theme/nyla/vulnerability/wordpress-nyla-theme-1-7-arbitrary-shortcode-execution-vulnerability?_s_id=cve