[MEDIUM] The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

PKSA-675z-6zmn-1gbt CVE-2026-4267 GHSA-2xr4-chcf-vmvf

Affected version: <3.20.4

Reported by:
GitHub