Skip to main content

LMS WordPress Theme CVE-2026-27404

| EUVDEUVD-2026-41329 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-07-02 Patchstack GHSA-mmf8-rfrr-cx8x
7.1
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
6.1 MEDIUM

Unauthenticated network reflected XSS needing victim click (UI:R) with browser-context scope change (S:C); low confidentiality/integrity impact but no genuine availability effect, so A:N.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:09 vuln.today

DescriptionCVE.org

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

AnalysisAI

Reflected Cross-Site Scripting in the designthemes LMS WordPress theme (versions 9.7 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they open a crafted link. Reported by Patchstack, the flaw carries CVSS 7.1 with a scope change, reflecting cross-context impact; no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft URL with malicious script in LMS parameter
Delivery
Deliver link via phishing or malicious post
Exploit
Victim opens link on vulnerable LMS site
Execution
Theme reflects payload unescaped into page
Persist
Script executes in victim browser context
Impact
Steal session or perform actions as victim

Vulnerability AssessmentAI

Exploitation Exploitation requires no authentication (PR:N) but does require user interaction (UI:R): a victim must open an attacker-crafted link or request targeting a reflected input parameter of the LMS theme on a site running version 9.7 or earlier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, base 7.1) indicates network-reachable, low-complexity, unauthenticated exploitation, but critically requires user interaction (UI:R) - a victim must click or load an attacker-supplied link - which meaningfully lowers real-world exploitability compared to a no-interaction flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a URL to a site running the LMS theme with a malicious script embedded in a reflected parameter and delivers it via phishing email, forum post, or malicious ad. When a logged-in administrator or ordinary visitor opens the link, the theme reflects the payload into the page and the script executes in their browser, enabling session-token theft, CSRF-style actions, or redirection. …
Remediation Upgrade the LMS theme to a release newer than 9.7 once the vendor/Patchstack advisory confirms a fixed version; the supplied data does not include an exact patched version number, so verify the current fixed release directly via the Patchstack advisory (https://patchstack.com/database/wordpress/theme/lms/vulnerability/wordpress-lms-theme-9-7-reflected-cross-site-scripting-xss-vulnerability) before scheduling. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all WordPress deployments for designthemes LMS theme; identify affected versions and document business criticality of each instance. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-27404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy