PT-2026-30310 · WordPress · Shortcodes Ultimate
Dmitry Ignatyev
·
Published
2026-04-04
·
Updated
2026-04-04
·
CVE-2026-0737
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Shortcodes Plugin - Shortcodes Ultimate versions through 7.4.7
Description
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is caused by inadequate input sanitization and output escaping in the 'src' attribute of the
su lightbox shortcode. Authenticated attackers with contributor level access or higher can inject arbitrary web scripts into pages, which will execute when a user accesses the affected page.Recommendations
Update to a version of WP Shortcodes Plugin - Shortcodes Ultimate greater than 7.4.7.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shortcodes Ultimate