Claue Theme Allows Hackers to Run Malicious Scripts on Your Site

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Claue Theme Allows Hackers to Run Malicious Scripts on Your Site

CVE-2026-27376

Summary

The Claue theme has a security flaw that allows hackers to inject malicious code into your website. This could lead to your site being compromised or your customers' data being stolen. To fix this, update the theme to the latest version (2.2.8 or higher) or consider replacing it with a different theme.

Original title

Original description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/claue/vulnerability/wordpress-cl...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026