Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-04-07

CVE-2026-0738 - Wp Shortcodes Plugin Shortcodes Ultimate

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'su_slide_link' attachment meta field. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Shortcodes Plugin Shortcodes Ultimate

CVE-2026-0738

MEDIUM CVSS 6.4 2026-04-04
Open Full Technical Breakdown
Threat Entry Updated 2026-04-07

CVE-2026-0737 - Wp Shortcodes Plugin Shortcodes Ultimate

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the su_lightbox shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Shortcodes Plugin Shortcodes Ultimate

CVE-2026-0737

MEDIUM CVSS 6.4 2026-04-04
Open Full Technical Breakdown
Scroll to top