CVE Catalog

CVE-2026-57651

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

Cross Site Scripting (XSS) vulnerability in Ghost Kit plugin version 3.6.0 and earlier. The flaw allows an attacker to inject malicious JavaScript code into the page through the contributor functionality.

Risk Assessment

The risk involves potential theft of user sessions, administrator account takeover, or distribution of malware via the injected script.

Recommendation

It is recommended to immediately update the Ghost Kit plugin to a version later than 3.6.0, which includes a fix for the XSS vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS