A vulnerability classified as problematic was found in Shariff for WordPress Plugin up to 1.0.11 on WordPress. The impacted element is the function generateshariff of the component Setting Handler . Executing a manipulation of the argument shariff_infourl can lead to cross site scripting. This vulnerability appears as CVE-2026-9677 . The attack may be performed from remote. There is no available exploit.