CVE-2025-7649 | Surbma Plugin up to 2.0 on WordPress Shortcode recent-comments cross site scripting (EUVD-2025-25068)
A vulnerability, which was classified as problematic, was found in Surbma Plugin up to 2.0 on WordPress. This affects the function recent-comments of the component Shortcode Handler. The manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-7649. The attack can be launched remotely. No exploit exists.