Gn Themes Wp Shortcodes Plugin Shortcodes Ultimate vulnerabilities
21 known vulnerabilities affecting gn_themes/wp_shortcodes_plugin_shortcodes_ultimate.
Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 21
Vulnerabilities
Page 1 of 2
CVE-2025-0370 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.3.3 | 2025-03-04
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary
nvd
CVE-2025-12800 | P3 | MEDIUM | CVSS 6.4 | CWE-918 | ≤ 7.4.5 | 2025-11-23
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating fr
nvd
CVE-2026-0738 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.8 | 2026-04-04
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'su_slide_link' attachment meta field. This makes it possible for authenticated attackers, w
nvd
CVE-2026-0737 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.7 | 2026-04-04
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the su_lightbox shortcode. This makes it possible for authenticated attackers, with contributor level a
nvd
CVE-2026-2480 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.10 | 2026-03-31
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,
nvd
CVE-2025-7354 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.2 | 2025-07-21
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access
nvd
CVE-2024-5647 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.2 | 2025-07-03
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a
nvd
CVE-2026-3885 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.9 | 2026-04-16
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve
nvd
CVE-2025-8015 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.4.2 | 2025-07-22
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and
nvd
CVE-2024-13362 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.3.3 | 2026-05-01
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into perfor
nvd
CVE-2023-6225 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 5.13.3 | 2023-11-28
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated at
nvd
CVE-2024-3550 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.1.2 | 2024-05-02
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acce
nvd
CVE-2024-1510 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.0.2 | 2024-02-20
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attacke
nvd
CVE-2023-6488 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.0.0 | 2023-12-19
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated
nvd
CVE-2024-0792 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.0.1 | 2024-02-29
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above per
nvd
CVE-2024-8500 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.2.2 | 2024-10-23
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitra
nvd
CVE-2024-4553 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.1.5 | 2024-05-21
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contr
nvd
CVE-2025-5567 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.4.0 | 2025-07-04
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to
nvd
CVE-2023-6226 | P4 | MEDIUM | CVSS 4.3 | CWE-639 | ≤ 5.13.3 | 2023-11-28
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and abo
nvd
CVE-2024-4821 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.1.6 | 2024-06-05
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-l
nvd