CVE-2026-2924: Gutenverse WordPress Plugin XSS Vulnerability
Platform: wordpress
Component: gutenverse
Fixed in: 3.4.7
CVE-2026-2924 is a stored Cross-Site Scripting (XSS) vulnerability. It allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are then executed when a user accesses the injected page. This affects Gutenverse WordPress plugin versions up to and including 3.4.6. The vulnerability is fixed in version 3.4.7.
How to fix
Update to version 3.4.7 or a newer patched version.
Frequently asked questions
What is CVE-2026-2924?
CVE-2026-2924 is a stored Cross-Site Scripting (XSS) vulnerability in the Gutenverse WordPress plugin that allows authenticated users to inject malicious scripts into website pages.
Am I affected by CVE-2026-2924?
You are affected if you are using the Gutenverse WordPress plugin version 3.4.6 or earlier and have users with contributor-level access or higher. These users could potentially inject malicious scripts.
How do I fix CVE-2026-2924?
To fix this vulnerability, update the Gutenverse WordPress plugin to version 3.4.7 or later. This version includes a patch that addresses the XSS vulnerability.
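The two-part check from "Am I affected by CVE-2026-2924?" can be scripted. The following is an added example, not code from this advisory or from the Gutenverse project; it assumes WP-CLI is installed and run from the WordPress root, that the plugin slug is gutenverse (the component name above), and a sort that supports -V.

```shell
#!/bin/sh
# Added example: test both conditions from the FAQ (plugin version and authoring accounts).
FIXED_VERSION="3.4.7"   # from the advisory: first patched release

# version_lt A B: succeeds when A sorts strictly before B as a version.
# sort -V compares each component numerically, so 3.4.10 is not below 3.4.7.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# is_affected VERSION: succeeds for 3.4.6 and earlier.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site: query a live install through WP-CLI.
# Returns 1 when the installed version is affected, 0 otherwise.
check_site() {
    installed=$(wp plugin get gutenverse --field=version 2>/dev/null) || {
        echo "gutenverse not installed, or WP-CLI could not read the site"
        return 0
    }
    if ! is_affected "$installed"; then
        echo "gutenverse $installed: patched"
        return 0
    fi
    echo "gutenverse $installed: AFFECTED, update to $FIXED_VERSION or later"
    # Default WordPress roles with contributor-level access or higher.
    for role in contributor author editor administrator; do
        wp user list --role="$role" --field=user_login 2>/dev/null |
            sed "s/^/  $role: /"
    done
    return 1
}

# Only touch a site when WP-CLI is available.
if command -v wp >/dev/null 2>&1; then
    check_site || true
fi
```

Custom roles that grant post-editing capabilities are not covered by the default role list and need to be reviewed separately.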