Reflected Cross-Site Scripting in MinhNhut Link Gateway Plugin for WordPress
CVE-2026-3349

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Minhnhut Link Gateway
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-3349?

The MinhNhut Link Gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate validation of user inputs within the 'url' parameter on the redirect page. This vulnerability affects all versions up to and including 3.6.1. Attackers can exploit this flaw to inject malicious scripts, leading to the execution of harmful actions if a user clicks on a manipulated link. Proper input sanitization and output encoding measures are essential to mitigate this security risk.

Affected Version(s)

MinhNhut Link Gateway 0 <= 3.6.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/minhnhut-link-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Feb 27, 2026

Credit

san6051

CVE-2026-3349 Data

JSON