CVE Catalog
CVE-2026-57764
MediumCVSS 6.5Summary
The Surbma | Yoast SEO Breadcrumb Shortcode plugin version 1.2 and earlier contains a Contributor Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious JavaScript code into the page.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or alter website content, leading to loss of trust and potential financial damage.
Recommendation
Immediately update the Surbma | Yoast SEO Breadcrumb Shortcode plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.

