Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Grand News Theme Allows Hackers to Inject Malicious Code
CVE-2026-27353
Summary
The Grand News theme is vulnerable to a type of attack that allows hackers to inject malicious code into a website using user input. This could lead to sensitive information being stolen or visitors being redirected to phishing sites. Update the theme to version 3.4.4 or later to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a th...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026