CVE Catalog

CVE-2026-57764

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Surbma | Yoast SEO Breadcrumb Shortcode plugin version 1.2 and earlier contains a Contributor Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious JavaScript code into the page.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or alter website content, leading to loss of trust and potential financial damage.

Recommendation

Immediately update the Surbma | Yoast SEO Breadcrumb Shortcode plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS