What is GHSA-7gg2-vjp2-m5j2?

GHSA-7gg2-vjp2-m5j2 is a security advisory published by GitHub Security Advisories with Medium severity. The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...

Which CVE IDs does GHSA-7gg2-vjp2-m5j2 cover?

GHSA-7gg2-vjp2-m5j2 covers the following CVE IDs: CVE-2026-3348. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7gg2-vjp2-m5j2?

GHSA-7gg2-vjp2-m5j2 has a CVSS v3 base score of 4.4, published by GitHub Security Advisories.

GHSA-7gg2-vjp2-m5j2MediumCVSS 4.4

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-3348 →

📋 Description

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the redirect page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-3348
https://plugins.trac.wordpress.org/browser/minhnhut-link-gateway/trunk/classes.php#L100
https://plugins.trac.wordpress.org/browser/minhnhut-link-gateway/trunk/templates/default/index.php#L7
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9458918-beaf-4bad-8abd-521547df9497?source=cve
https://github.com/advisories/GHSA-7gg2-vjp2-m5j2