Is WordPress affected by CVE-2026-27376?

A reflected cross-site scripting (XSS) vulnerability exists in the Claue WooCommerce theme affecting versions up to 2.2.7, allowing attackers to inject malicious scripts that could compromise customer sessions, steal credentials, or redirect users to phishing sites.

CVE-2026-27376

Q: How to fix CVE-2026-27376?

Within 24 hours: Audit all websites using Claue theme <= 2.2.7 and document affected properties; notify development and security teams. Within 7 days: Implement WAF rules to filter XSS payloads targeting known vulnerable parameters; disable user-facing input fields if possible; add Content Security Policy headers to prevent script execution. Within 30 days: Contact JanStudio for patch availability and timeline; evaluate alternative themes if patch is not released; conduct penetration testing on affected sites post-remediation.

HIGH

2026-03-05 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 06:16 nvd

HIGH 7.1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.

Analysis

The Claue WordPress theme through version 2.2.7 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. An attacker can exploit this by crafting a malicious URL to steal sensitive information, perform unauthorized actions, or compromise user sessions without requiring any special privileges or interaction with the application itself.

Remediation

Within 24 hours: Audit all websites using Claue theme <= 2.2.7 and document affected properties; notify development and security teams. Within 7 days: Implement WAF rules to filter XSS payloads targeting known vulnerable parameters; disable user-facing input fields if possible; add Content Security Policy headers to prevent script execution. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2026-27376 vulnerability details – vuln.today

Back

CVE-2026-27376

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-27376

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code