MEDIUM
jegstudio
CVE published 2026-05-27
CVE-2026-3001
A reflected cross-site scripting (XSS) vulnerability in the Gutenverse WordPress plugin allows unauthenticated attackers to inject arbitrary web scripts via a crafted URL. The vulnerability exists in the `render_content()` method within `class-search-result-title.php`, which outputs the search query parameter directly into HTML without proper escaping. Successful exploitation requires the `gutenverse/sear [truncated]