CVE-2026-3349

Name of the Vulnerable Software and Affected Versions MinhNhut Link Gateway versions prior to 3.6.2

Description The MinhNhut Link Gateway plugin for WordPress contains a Reflected Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping of the url parameter on the redirect page. Unauthenticated attackers can exploit this by tricking a user into clicking a link, allowing the injection and execution of arbitrary web scripts in the user's browser.

Recommendations Update the plugin to a version newer than 3.6.1. As a temporary workaround, restrict or sanitize the use of the url parameter on the redirect page.