A vulnerability described as problematic has been identified in surbma Surbma Plugin up to 2.0.1 on WordPress. This affects the function surbma_infusionsoft_shortcode_shortcode of the component Shortcode Handler . Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability is registered as CVE-2026-11597 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.