What is CVE-2026-5070?

CVE-2026-5070 is a medium-severity vulnerability in Siteorigin Vantage, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-04-16.

How severe is CVE-2026-5070?

Medium severity. CVSS v3 base score is 6.4 out of 10.

XSS in Siteorigin Vantage

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for a…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (1.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Siteorigin Vantage — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.wordfence.com/threat-intel/vulnerabilities/id/fb7d4eee-fd81-4d9d-8d8d-a5687…
themes.trac.wordpress.org/changeset/320834/vantage

Frequently asked questions

What is CVE-2026-5070?: CVE-2026-5070 is a medium-severity vulnerability in Siteorigin Vantage, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-04-16.
How severe is CVE-2026-5070?: Medium severity. CVSS v3 base score is 6.4 out of 10.