A vulnerability described as problematic has been identified in Surbma Plugin up to 2.1 on WordPress. This impacts the function surbma-bookingcom of the component Shortcode Handler . Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-1607 . The attack may be performed from remote. There is no available exploit.