Garden Gnome Package Software Allows Hackers to Steal User Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Garden Gnome Package Software Allows Hackers to Steal User Data

CVE-2026-39683

Summary

The Garden Gnome Package software has a security flaw that allows hackers to inject malicious code into the software's web interface. This means that if a user visits a website using this software, their browser could be tricked into doing something it shouldn't. We recommend updating to a newer version of the software to fix this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects G...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/garden-gnome-package/vulnerabil...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026