Skip to main content

Nativechurch

1 CVEs product

Monthly

CVE-2026-27408 HIGH This Week

Reflected cross-site scripting in the NativeChurch WordPress theme (versions 4.8.8.2 and earlier, by imithemes) allows unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (7.1) reflects a scope change with limited confidentiality, integrity, and availability impact, and requires victim interaction. No public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed through Patchstack's WordPress vulnerability database.

XSS Nativechurch
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the NativeChurch WordPress theme (versions 4.8.8.2 and earlier, by imithemes) allows unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (7.1) reflects a scope change with limited confidentiality, integrity, and availability impact, and requires victim interaction. No public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed through Patchstack's WordPress vulnerability database.

XSS Nativechurch
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy