Cross-site Scripting Vulnerability in Garden Gnome Package by Chief Gnome
CVE-2026-39683

5.9 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 8 April 2026

What is CVE-2026-39683?

The Garden Gnome Package, developed by Chief Gnome, contains a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. The flaw allows DOM-based XSS, which can compromise user data and security. It affects versions of the Garden Gnome Package up to and including 2.4.1, so web applications using this package need immediate attention.

Affected Version(s)

Garden Gnome Package 0 <= 2.4.1

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program