A vulnerability labeled as problematic has been found in gn_themes WP Shortcodes Plugin up to 7.4.7 on WordPress. This affects the function su_lightbox of the component Shortcode Handler . The manipulation of the argument src results in cross site scripting. This vulnerability is reported as CVE-2026-0737 . The attack can be launched remotely. No exploit exists. The affected component should be upgraded.