Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
DesignThemes Portfolio: User Data Can Be Hijacked
CVE-2026-27385
Summary
The DesignThemes Portfolio website has a security flaw that allows hackers to inject malicious code into the website. This could potentially allow them to access sensitive user information or take control of user accounts. It's recommended to update the DesignThemes Portfolio plugin to the latest version to fix this issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affe...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3.
nvd CVSS3.1
7.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026