Agrofood Reflected Cross-Site Scripting Allows Malicious Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Agrofood Reflected Cross-Site Scripting Allows Malicious Code Injection

CVE-2026-27332

Summary

An attacker can inject malicious code into Agrofood, potentially stealing sensitive user data or taking control of user accounts. This issue affects all versions of Agrofood prior to 1.3.1. To protect your users, update to the latest version of Agrofood.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through <...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/agrofood/vulnerability/wordpress...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026