🔐 CVE Alert

CVE-2026-28099

HIGH 7.1

WordPress UberSlider Ultra plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through <= 2.3.

CWE CWE-79
Vendor lambertgroup
Product uberslider ultra
Published Mar 5, 2026
Last Updated Apr 1, 2026
Stay Ahead of the Next One

Get instant alerts for lambertgroup uberslider ultra

Be the first to know when new high vulnerabilities affecting lambertgroup uberslider ultra are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

LambertGroup / UberSlider Ultra
0 ≤ 2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/uberSlider_ultra/vulnerability/wordpress-uberslider-ultra-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Credits

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program