Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/27 8:16 a.m.13 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.10 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.40 views

CVE-2026-11597 Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/27 6:50 a.m.20 views

CVE-2026-11597

The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/27 6:50 a.m.10 views

EUVD-2026-39956

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53049

Name of the Vulnerable Software and Affected Versions Surbma | Infusionsoft Shortcode versions prior to 2.0.2 Description Stored Cross-Site Scripting occurs via the 'infusionsoft-form' shortcode. The issue stems from insufficient input sanitization and output escaping within the surbma infusionso...

6.4CVSS6AI score0.00193EPSS
Exploits0References10
Rows per page
Query Builder