CVE-2026-9714 | creaweb2b Simple Divi Shortcode Plugin up to 1.2 on WordPress showmodule_shortcode ID cross site scripting (EUVD-2026-33252)

The Simple Divi Shortcode WordPress plugin (versions up to 1.2) contains a stored cross-site scripting (XSS) vulnerability in the showmodule_shortcode handler via the 'id' shortcode attribute (CVE-2026-9714); insufficient sanitization and escaping allow authenticated contributors to inject scripts that execute when pages are viewed. The flaw was disclosed by Muhammad Yudha and published 2026-05-29; exploitation is remote but requires authenticated user interaction and no public exploit is currently available.