EIP-2026-114082

This is a technical writeup detailing HTML code injection and XSS vulnerabilities in the WordPress Plugin Catalog (version 1.1). It describes how the 'view=showproduct' parameter allows attackers to inject malicious code via unvalidated form submissions, which are stored in the database.