GHSA-ch38-8ggq-4hxr
Severity: Medium (CVSS 6.1)

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's'...

Published
May 27, 2026
Last Modified
May 27, 2026

🔗 CVE IDs covered (1)

📋 Description

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render_content() method in class-search-result-title.php outputs the value of get_query_var('s') directly into the page HTML without applying esc_html() or any other escaping function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a crafted URL that execute if a user clicks the link, provided the gutenverse/search-result-title block is present on the site's search results template.
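The pattern the advisory describes, shown as an added illustration in PHP. This is not Gutenverse's own code: the function names below are hypothetical, and only the WordPress runtime helpers `get_query_var()`, `esc_html()` and `get_search_query()` are assumed to exist. The unsafe variant concatenates the raw 's' query var into markup; the hardened variant escapes at the point of output, which is the fix the advisory's mention of `esc_html()` points to.

```php
<?php
// Illustrative example, not the plugin's code. Assumes the WordPress runtime
// (get_query_var, esc_html, get_search_query) is loaded.

// Unsafe pattern: the raw 's' query var is placed into HTML with no escaping,
// so any markup in the search string is rendered by the browser.
function example_render_search_title_unsafe() {
    $query = get_query_var( 's' );
    return '<h2 class="search-result-title">Search results for: ' . $query . '</h2>';
}

// Hardened pattern: escape for the HTML text context at output time.
// Use esc_attr() instead when the value lands inside an attribute.
function example_render_search_title_safe() {
    $query = get_query_var( 's' );
    return '<h2 class="search-result-title">Search results for: ' . esc_html( $query ) . '</h2>';
}

// Alternative: get_search_query() returns the current search term already
// escaped (it applies esc_attr by default), so it is safe in both contexts.
function example_render_search_title_core_helper() {
    return '<h2 class="search-result-title">Search results for: ' . get_search_query() . '</h2>';
}
```

When reviewing a theme or plugin for this class of bug, look for `get_query_var( 's' )`, `$_GET['s']` or `$wp_query->query_vars['s']` reaching `echo`, `printf` or string concatenation without an `esc_*` call in between; escaping belongs at output, not only at input, because the same value may later be rendered in a different context.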

🔗 References (5)