Cross Site Scripting Vulnerability in Surbma | Yoast SEO Breadcrumb Shortcode
CVE-2026-57764

6.5MEDIUM

What is CVE-2026-57764?

A Cross Site Scripting (XSS) vulnerability exists in the Surbma | Yoast SEO Breadcrumb Shortcode plugin versions up to 1.2, allowing attackers to inject malicious scripts. This could potentially lead to data theft or unauthorized actions on behalf of users who visit the compromised site. It is crucial for users and site administrators to update their plugins to mitigate this risk and maintain overall website security.

Affected Version(s)

Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zaim | Patchstack Bug Bounty Program
.