PT-2026-53047 · Undefined · Undefined

Published

2026-06-27

Updated

2026-06-27

CVE-2026-9677

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff infourl setting before outputting it in the frontend HTML via the generateshariff() function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed (for example in multisite setup).

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-9677

Affected Products

Undefined

PT-2026-53047 · Undefined · Undefined

CVE-2026-9677

Related Identifiers

Affected Products

References · 2