LambertGroup AllInOne Banner with Playlist Can Inject Malicious Code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

LambertGroup AllInOne Banner with Playlist Can Inject Malicious Code

CVE-2026-28110

Summary

A security issue in LambertGroup's AllInOne Banner with Playlist could allow an attacker to inject malicious code into a website, potentially stealing user information or taking control of the site. The issue affects all versions of the product up to 3.8. Updates are available to fix the problem, and it's recommended to apply them as soon as possible to prevent potential attacks.

Original title

Original description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8.

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/all-in-one-bannerWithPlaylist/v...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026