CVE-2026-27332
Published: 05 March 2026
Summary
CVE-2026-27332 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE is ranked at the 14.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2026-27332, published on 2026-03-05, is an improper neutralization of input during web page generation vulnerability, classified as reflected cross-site scripting (XSS) under CWE-79. It affects the skygroup Agrofood WordPress theme in all versions before 1.4.0 (the affected range is listed as n/a through < 1.4.0; the Patchstack entry names version 1.3.0). The vulnerability carries a CVSS v3.1 base score of 7.1 (High), with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
The vulnerable code is reachable over the network by an unauthenticated attacker with low attack complexity, but exploitation requires user interaction: the victim must open a crafted URL, for example one delivered by phishing or embedded in another page. The payload is reflected into the generated page and executes as script in the victim's browser, in the origin of the affected site, which lets the attacker read page content, issue requests as the victim, or deface what the victim sees. Confidentiality, integrity and availability are each rated Low, and the scope is Changed because the component that fails (the theme running on the web server) is not the component that suffers the impact (the victim's browser, and through it other users and resources of the site).
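As an added illustration (not code from the Agrofood theme, whose reflected parameter the advisory does not name), the file below shows a hypothetical theme template fragment that reflects request parameters unencoded, beside the hardened version that applies WordPress's context-specific escaping helpers. The parameter names `search_term` and `redirect` are assumptions. The esc_html()/esc_attr()/esc_url() stand-ins are defined only so the file runs outside WordPress; inside WordPress the real helpers from wp-includes/formatting.php take over, and the real esc_url() applies a protocol allow-list and character filtering that the simplified stand-in only approximates.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from the Agrofood theme. Parameter names and
// template shape are assumptions: the advisory does not name the reflected
// parameter.

// Stand-ins so this file runs outside WordPress. Inside WordPress the real
// helpers from wp-includes/formatting.php exist and these are skipped.
if (!function_exists('esc_html')) {
    function esc_html(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    // Simplified stand-in: allow only http(s) and site-relative URLs, then
    // attribute-encode. The real esc_url() uses a protocol allow-list and
    // additional character filtering.
    function esc_url(string $url): string
    {
        $url = trim($url);
        $ok = $url === '' || $url[0] === '/' || preg_match('#^https?://#i', $url) === 1;
        return $ok ? htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
    }
}

// Vulnerable pattern (CWE-79, reflected): request data is concatenated into the
// generated markup without neutralization.
function render_vulnerable(array $get): string
{
    $term = (string) ($get['search_term'] ?? '');
    $next = (string) ($get['redirect'] ?? '/');
    return '<h2>Results for ' . $term . '</h2>' . "\n"
         . '<input type="text" name="search_term" value="' . $term . '">' . "\n"
         . '<a href="' . $next . '">Back</a>';
}

// Hardened pattern: validate the input (SI-10), then encode it for the exact
// output context it lands in (SI-15): HTML body, quoted attribute, URL.
function render_hardened(array $get): string
{
    $term = is_string($get['search_term'] ?? null) ? $get['search_term'] : '';
    $next = is_string($get['redirect'] ?? null) ? $get['redirect'] : '/';
    if (strlen($term) > 200) {
        $term = '';                          // reject over-long input, do not try to "clean" it
    }
    return '<h2>Results for ' . esc_html($term) . '</h2>' . "\n"
         . '<input type="text" name="search_term" value="' . esc_attr($term) . '">' . "\n"
         . '<a href="' . esc_url($next) . '">Back</a>';
}

// Does the generated page still carry an executable script tag or javascript: link?
function output_leaks_script(string $html): bool
{
    return stripos($html, '<script') !== false
        || preg_match('#href="\s*javascript:#i', $html) === 1;
}

// Constructed probe in the shape a reflected-XSS check would use; not a payload
// from any public exploit of this CVE.
$probe = [
    'search_term' => '"><script>alert(document.domain)</script>',
    'redirect'    => 'javascript:alert(1)',
];

$vulnerable = render_vulnerable($probe);
$hardened   = render_hardened($probe);

echo "vulnerable output leaks script: " . (output_leaks_script($vulnerable) ? 'yes' : 'no') . "\n";
echo "hardened output leaks script:   " . (output_leaks_script($hardened) ? 'yes' : 'no') . "\n";
echo $hardened, "\n";
```

Run it with the PHP CLI. The vulnerable output carries the script tag and the javascript: link intact; the hardened output has `<`, `>` and `"` turned into entities and the javascript: URL dropped. The point worth keeping is the split by context: the escaping helpers only hold when the attribute is quoted (an unquoted attribute can be broken out of with a space regardless of encoding), and neither esc_html() nor esc_attr() is a substitute for esc_url() on a link target, which is why the SI-15 control is phrased as output filtering rather than a single global escape.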
The Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/agrofood/vulnerability/wordpress-agrofood-theme-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve covers the reflected XSS in Agrofood theme version 1.3.0 and recommends updating to version 1.4.0 or later. After updating, confirm the installed version (for example with WP-CLI's `wp theme list`), since a theme that is not updated through the WordPress.org repository may not update automatically.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9606
Vulnerability details
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS. This issue affects Agrofood: from n/a through < 1.4.0.
- CWE(s): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1185 Browser Session Hijacking
- T1539 Steal Web Session Cookie
Why these techniques?
Reflected XSS executes attacker-controlled script in the victim's browser, in the origin of the vulnerable site, when the victim opens a crafted URL. From there the script can read document.cookie and exfiltrate session cookies (T1539), or, where the session cookie is marked HttpOnly and cannot be read, still drive the authenticated session from inside the browser by issuing requests that carry the victim's cookies (T1185). An HttpOnly flag on the session cookie therefore limits T1539 but not T1185.
Affected Assets
- skygroup Agrofood WordPress theme, all versions before 1.4.0 (fixed in 1.4.0)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate and sanitize every request parameter the theme reflects, so an unneutralized payload is rejected before it reaches the template that generates the page.
- SI-15 (Information Output Filtering): encode untrusted data for the output context in which it is emitted (HTML body, quoted attribute, URL, JavaScript), so anything reflected from the crafted URL renders as text rather than executing as script.
- SI-3 (Malicious Code Protection): deploy compensating controls such as WAF rules that recognize and block the reflected script-injection pattern. Note that the browser-side XSS filters once shipped by Chrome and Edge have been removed and Firefox never had one, so a Content-Security-Policy header is the browser-side control that still exists; none of these replaces updating the theme to 1.4.0 or later.
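For the detection side of the third control (WAF rules or log hunting rather than the code fix), here is an added example, not part of the advisory, of Patchstack's analysis or of the theme, that scans web server access-log lines for the reflected-XSS probe shape. The log lines are constructed, the paths and parameter names in them are placeholders rather than the real vulnerable endpoint, and the pattern list is deliberately small. The double-decoding step is the part that matters most: a single URL-decode misses a %253C-style double-encoded payload.

```php
<?php
declare(strict_types=1);

// Added example; not part of the advisory or the Agrofood theme. The log lines
// are constructed (Apache/nginx combined format) and the paths and parameter
// names are placeholders: the advisory does not name the vulnerable endpoint.
$sampleLog = <<<'LOG'
203.0.113.10 - - [05/Mar/2026:10:01:12 +0000] "GET /?s=tomatoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Mar/2026:10:01:40 +0000] "GET /?s=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2026:10:02:05 +0000] "GET /products/?sort=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 4890 "-" "curl/8.5.0"
198.51.100.7 - - [05/Mar/2026:10:02:30 +0000] "GET /products/?sort=price&online=1 HTTP/1.1" 200 4870 "-" "curl/8.5.0"
LOG;

// Patterns a WAF rule or log-hunting query would look for. Kept narrow on
// purpose: a bare "on[a-z]+=" would flag harmless parameters such as online=1,
// so the event-handler pattern requires a tag context.
const XSS_PATTERNS = [
    'script_tag'    => '/<\s*script\b/i',
    'event_handler' => '/<[a-z][^>]*\son[a-z]+\s*=/i',
    'js_scheme'     => '/javascript\s*:/i',
    'dangerous_tag' => '/<\s*(?:img|svg|iframe|object|embed|math)\b/i',
];

// Decode nested percent-encoding (bounded), then HTML entities, so a
// double-encoded probe is compared in the form the browser would render.
function normalize_query(string $query): string
{
    $decoded = $query;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    return html_entity_decode($decoded, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Returns one finding per log line whose query string matches a pattern.
function scan_access_log(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // client ident user [time] "METHOD URI PROTO" status bytes "referer" "agent"
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
            continue;
        }
        [, $client, $time, $method, $uri] = $m;
        $qpos = strpos($uri, '?');
        if ($qpos === false) {
            continue;                    // no query string, nothing to reflect
        }
        $normalized = normalize_query(substr($uri, $qpos + 1));
        foreach (XSS_PATTERNS as $name => $regex) {
            if (preg_match($regex, $normalized) === 1) {
                $findings[] = [
                    'client'  => $client,
                    'time'    => $time,
                    'method'  => $method,
                    'uri'     => $uri,
                    'pattern' => $name,
                ];
                break;                   // one finding per line is enough
            }
        }
    }
    return $findings;
}

foreach (scan_access_log($sampleLog) as $f) {
    printf("%s %s %s %s -> %s\n", $f['time'], $f['client'], $f['method'], $f['uri'], $f['pattern']);
}
```

The second and third lines are flagged (script_tag and event_handler); the first and fourth are not. A match with a 200 response only shows that a probe reached the server, not that the parameter was reflected, so pair a hit with the installed theme version before treating it as exploitation rather than scanning noise.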