CVE-2026-22520: WordPress Handmade Framework plugin <= 3.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework (handmade-framework) allows Reflected XSS. This issue affects Handmade Framework: from n/a through <= 3.9.
Frequently Asked Questions
What is CVE-2026-22520?
CVE-2026-22520 is a reflected cross-site scripting (XSS) vulnerability in the G5Theme Handmade Framework plugin versions up to 3.9.
What is the severity of CVE-2026-22520?
CVE-2026-22520 has a high severity rating of 7.1 on the CVSS scale.
How do I fix CVE-2026-22520?
To fix CVE-2026-22520, you should update the G5Theme Handmade Framework plugin to a version later than 3.9.
Who is affected by CVE-2026-22520?
Any users of the G5Theme Handmade Framework plugin in versions up to and including 3.9 are affected by CVE-2026-22520.
What impact does CVE-2026-22520 have?
CVE-2026-22520 allows attackers to execute arbitrary JavaScript code in the context of the user's browser, posing significant security risks.