CVE Catalog
CVE-2026-57651
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.13%
3th percentile — higher than 3% of all known CVEs
Summary
Cross Site Scripting (XSS) vulnerability in Ghost Kit plugin version 3.6.0 and earlier. The flaw allows an attacker to inject malicious JavaScript code into the page through the contributor functionality.
Risk Assessment
The risk involves potential theft of user sessions, administrator account takeover, or distribution of malware via the injected script.
Recommendation
It is recommended to immediately update the Ghost Kit plugin to a version later than 3.6.0, which includes a fix for the XSS vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

