gn_themes — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting gn_themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

gn_themes is a widely deployed WordPress theme framework utilized by numerous websites to customize visual presentation and layout. Its extensive market presence has made it a frequent target for automated scanning tools, resulting in twenty recorded Common Vulnerabilities and Exposures. The most prevalent security flaws involve cross-site scripting and SQL injection, primarily stemming from insufficient input validation in theme options and template files. Additionally, several instances of remote code execution have been identified, often linked to insecure file handling practices within the theme’s update mechanisms. While not inherently malicious, the complexity of the codebase has historically led to privilege escalation vulnerabilities that allow unauthorized administrative access. These issues highlight the risks associated with complex, third-party WordPress extensions that may not undergo rigorous security auditing, necessitating regular updates and strict input sanitization by developers to mitigate potential exploitation vectors.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3885 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2026-04-16 |
| CVE-2026-0737 | Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0738 | Shortcodes Ultimate <= 7.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2480 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2026-03-31 |
| CVE-2025-12800 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery — WP Shortcodes Plugin — Shortcodes Ultimate CWE-918 | 6.4 | Medium | 2025-11-23 |
| CVE-2025-8015 | Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2025-07-22 |
| CVE-2025-7369 | Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution — WP Shortcodes Plugin — Shortcodes Ultimate CWE-352 | 6.1 | Medium | 2025-07-21 |
| CVE-2025-7354 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2025-07-21 |
| CVE-2025-5567 | Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2025-07-04 |
| CVE-2025-0370 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2025-03-04 |
| CVE-2024-8500 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 5.4 | Medium | 2024-10-23 |
| CVE-2024-4821 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2024-4553 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-05-21 |
| CVE-2024-3550 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-1808 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-02-28 |
| CVE-2024-0792 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2024-1510 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2023-6488 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 5.4 | Medium | 2023-12-19 |
| CVE-2023-6225 | WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Shortcodes Plugin — Shortcodes Ultimate CWE-79 | 6.4 | Medium | 2023-11-28 |
| CVE-2023-6226 | WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure — WP Shortcodes Plugin — Shortcodes Ultimate CWE-639 | 4.3 | Medium | 2023-11-28 |

This page lists every published CVE security advisory associated with gn_themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.