CVE-2026-0738 in WP Shortcodes Plugin정보

요약 (영어)

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'su_slide_link' attachment meta field. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

Wordfence

예약하다

2026. 01. 08.

공개

2026. 04. 04.

상태

확인됨

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디취약성CWE악용 대책CVE
355304gn_themes WP Shortcodes Plugin Shortcode 크로스 사이트 스크립팅79정의되지 않음공식 수정CVE-2026-0738

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

출처

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!