ThemeGoods Photography allows hackers to inject malicious code into web pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

ThemeGoods Photography allows hackers to inject malicious code into web pages

CVE-2026-27348

Summary

A weakness in ThemeGoods Photography allows a hacker to inject malicious code into a website, potentially stealing user data or taking control of the site. This could happen if a user visits a specially crafted link or uploads a malicious file. To stay safe, update to version 7.6.2 or later.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/photography/vulnerability/wordpr...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026