Skip to main content

Surbma Yoast Seo Breadcrumb Shortcode

1 CVEs product

Monthly

CVE-2026-57764 MEDIUM This Month

Stored Cross-Site Scripting in the Surbma Yoast SEO Breadcrumb Shortcode WordPress plugin (versions <= 1.2) allows contributor-level authenticated users to inject malicious JavaScript via the breadcrumb shortcode, which executes in the browser context of any victim who views the affected content - most critically a site administrator. The scope change (S:C) in the CVSS vector confirms the script escapes the plugin's own context and can hijack privileged sessions or perform unauthorized admin actions. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.

XSS Surbma Yoast Seo Breadcrumb Shortcode
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in the Surbma Yoast SEO Breadcrumb Shortcode WordPress plugin (versions <= 1.2) allows contributor-level authenticated users to inject malicious JavaScript via the breadcrumb shortcode, which executes in the browser context of any victim who views the affected content - most critically a site administrator. The scope change (S:C) in the CVSS vector confirms the script escapes the plugin's own context and can hijack privileged sessions or perform unauthorized admin actions. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.

XSS Surbma Yoast Seo Breadcrumb Shortcode
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy