Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode

Description

A vulnerability marked as problematic has been reported in gn_themes WP Shortcodes Plugin up to 7.4.8 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. This manipulation of the argument su_slide_link causes cross site scripting. This vulnerability appears as CVE-2026-0738. The attack may be initiated remotely. It is suggested to upgrade the affected component.

Affected Products

Vendor	Product	Versions
gn themes	wp shortcodes plugin — shortcodes ultimate	0

References

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-0738 | gn_themes WP Shortcodes Plugin up to 7.4.8 on WordPress Shortcode su_slide_link cross site scripting

→ No new info (linked only)

CVSS 3.16.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-79

PublishedApr 4, 2026

Last enriched3h agov2

Trending Score24

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History