What is GHSA-2m2r-cm3x-6c7x?

GHSA-2m2r-cm3x-6c7x is a security advisory published by GitHub Security Advisories with High severity. The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the...

Which CVE IDs does GHSA-2m2r-cm3x-6c7x cover?

GHSA-2m2r-cm3x-6c7x covers the following CVE IDs: CVE-2026-6268. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2m2r-cm3x-6c7x?

GHSA-2m2r-cm3x-6c7x has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-2m2r-cm3x-6c7xHighCVSS 7.1

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-6268 →

📋 Description

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in users.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-6268
https://wpscan.com/vulnerability/77192aeb-8e4b-4057-b5d7-2b95da634edd
https://github.com/advisories/GHSA-2m2r-cm3x-6c7x