Skip to main content

Handmade Framework

1 CVEs product

Monthly

CVE-2026-22520 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the G5Theme Handmade Framework WordPress plugin through version 3.9, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation, classified under CWE-79. Attackers can craft malicious URLs containing JavaScript payloads that execute in victims' browsers when clicked, potentially leading to session hijacking, credential theft, or malware distribution.

XSS Handmade Framework
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the G5Theme Handmade Framework WordPress plugin through version 3.9, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation, classified under CWE-79. Attackers can craft malicious URLs containing JavaScript payloads that execute in victims' browsers when clicked, potentially leading to session hijacking, credential theft, or malware distribution.

XSS Handmade Framework
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy