A vulnerability described as problematic has been identified in demonisblack Scoreboard for HTML5 Games Lite Plugin up to 1.2 on WordPress. This affects the function sfhg_shortcode of the component Shortcode Handler . Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-4083 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.