Reflected XSS Vulnerability in ThemeGoods Grand News WordPress Theme
CVE-2026-27353

7.1HIGH

Key Information:

Vendor: WordPress
Status: Grand News
Vendor: CVE Published:; 5 March 2026

What is CVE-2026-27353?

The Grand News theme by ThemeGoods has a vulnerability that allows attackers to execute malicious scripts through reflected XSS attacks during web page generation. This flaw affects versions of the product up to and including 3.4.3, where improper neutralization of user input may lead to the exploitation of unsuspecting users visiting the compromised site. It is crucial for website owners using this theme to take immediate action to mitigate the risk.

Affected Version(s)

Grand News 0 <= 3.4.3

References

https://patchstack.com/database/Wordpress/Theme/grandnews...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2026-27353 Data

JSON