Gn_themes Wp Shortcodes Plugin — Shortcodes Ultimate

22 CVEs affecting Gn_themes Wp Shortcodes Plugin — Shortcodes Ultimate. Latest disclosed: 2026-05-01. Critical: 0, High: 0.

Top CVEs affecting Gn_themes Wp Shortcodes Plugin — Shortcodes Ultimate
CVESeverityScorePublishedSummary
CVE-2026-3885Medium6.42026-04-16The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all ver…
CVE-2026-0737Medium6.42026-04-04The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. T…
CVE-2026-0738Medium6.42026-04-04The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions…
CVE-2026-2480Medium6.42026-03-31The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box`…
CVE-2025-12800Medium6.42025-11-23The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 vi…
CVE-2025-8015Medium6.42025-07-22The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide lin…
CVE-2025-7354Medium6.42025-07-21The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up…
CVE-2025-5567Medium6.42025-07-04The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in al…
CVE-2024-5647Medium6.42025-07-03Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versio…
CVE-2025-0370Medium6.42025-03-04The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to…
CVE-2024-4821Medium6.42024-06-05The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all…
CVE-2024-4553Medium6.42024-05-21The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all…
CVE-2024-3550Medium6.42024-05-02The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions…
CVE-2024-1808Medium6.42024-02-28The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all…
CVE-2024-0792Medium6.42024-02-20The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions…
CVE-2024-1510Medium6.42024-02-20The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all v…
CVE-2023-6225Medium6.42023-11-28The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined wi…
CVE-2024-13362Medium6.12026-05-01Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient inp…
CVE-2025-7369Medium6.12025-07-21The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. Th…
CVE-2024-8500Medium5.42024-10-23The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up…