DukaMarket: Hackers can inject malicious code into your website

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

DukaMarket: Hackers can inject malicious code into your website

CVE-2026-39628

Summary

A security issue in DukaMarket allows hackers to inject code into your website, potentially stealing sensitive information or taking control of your site. This issue affects DukaMarket versions up to 1.3.0. We recommend updating to the latest version of DukaMarket to fix this issue.

Original title

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through...

Original description

Vulnerability type

CWE-80 Basic XSS

https://patchstack.com/database/Wordpress/Theme/dukamarket/vulnerability/wordpre...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026