Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode

Description

A vulnerability labeled as problematic has been found in gn_themes WP Shortcodes Plugin up to 7.4.7 on WordPress. This affects the function su_lightbox of the component Shortcode Handler. The manipulation of the argument src results in cross site scripting. This vulnerability is reported as CVE-2026-0737. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

Affected Products

Vendor	Product	Versions
gn themes	wp shortcodes plugin — shortcodes ultimate	0

References

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-0737 | gn_themes WP Shortcodes Plugin up to 7.4.7 on WordPress Shortcode su_lightbox src cross site scripting

→ No new info (linked only)

CVSS 3.16.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-79

PublishedApr 4, 2026

Last enriched3h agov2

Trending Score24

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History