Surbma Yoast Seo Breadcrumb Shortcode
Monthly
Stored Cross-Site Scripting in the Surbma Yoast SEO Breadcrumb Shortcode WordPress plugin (versions <= 1.2) allows contributor-level authenticated users to inject malicious JavaScript via the breadcrumb shortcode, which executes in the browser context of any victim who views the affected content - most critically a site administrator. The scope change (S:C) in the CVSS vector confirms the script escapes the plugin's own context and can hijack privileged sessions or perform unauthorized admin actions. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.
Stored Cross-Site Scripting in the Surbma Yoast SEO Breadcrumb Shortcode WordPress plugin (versions <= 1.2) allows contributor-level authenticated users to inject malicious JavaScript via the breadcrumb shortcode, which executes in the browser context of any victim who views the affected content - most critically a site administrator. The scope change (S:C) in the CVSS vector confirms the script escapes the plugin's own context and can hijack privileged sessions or perform unauthorized admin actions. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.