CVE-2026-3348

Name of the Vulnerable Software and Affected Versions MinhNhut Link Gateway versions prior to 3.6.2

Description The MinhNhut Link Gateway plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping within the plugin settings, specifically affecting the Description, Title, and other fields. This allows authenticated attackers with Administrator-level access or higher to inject arbitrary web scripts into pages, which execute when a user visits the redirect page. This issue specifically impacts multi-site installations and environments where unfiltered html has been disabled.

Recommendations Update the plugin to a version later than 3.6.1.