CVE-2026-27087
Reflected XSS in G5Theme Wolverine Framework
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| g5theme | wolverine_framework | to 1.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27087 is a medium severity Cross Site Scripting (XSS) vulnerability found in the WordPress Wolverine Framework Plugin versions up to and including 1.9.
This vulnerability allows attackers to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, into affected websites. These scripts execute when visitors access the site.
Exploitation can be initiated by an unauthenticated user but requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form.
The vulnerability is classified under the OWASP Top 10 category A3: Injection and has a CVSS score of 7.1, indicating moderate danger.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.
Such attacks can compromise the integrity and trustworthiness of your website, potentially harming your users and damaging your reputation.
Since exploitation requires user interaction by a privileged user, attackers may trick administrators or other authorized users into triggering the malicious payload.
The vulnerability is expected to be exploited in mass campaigns targeting many websites regardless of their traffic or popularity.
No official patch is currently available, so immediate mitigation or resolution is strongly advised, such as applying Patchstackβs mitigation rule or updating the plugin when a patch is released.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation or resolution is strongly advised, either by updating the Wolverine Framework plugin when a patch becomes available or by applying Patchstackβs mitigation rule that can block attacks until an official patch is released and safely applied.
Users who are unable to update the plugin should seek assistance from their hosting provider or web developer to apply the mitigation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to inject malicious scripts into affected websites, which can lead to unauthorized access or manipulation of user data.
Such unauthorized data exposure or manipulation can potentially violate data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access or breaches.
Therefore, if exploited, this Cross-site Scripting (XSS) vulnerability could compromise compliance with these common standards by exposing user data or enabling malicious actions on the website.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a reflected Cross-Site Scripting (XSS) issue in the Wolverine Framework WordPress plugin versions up to 1.9. Detection typically involves testing for injection of malicious scripts in web page inputs and observing if they are reflected unescaped in the output.
Since no official patch is available yet, and the vulnerability requires user interaction via crafted URLs or forms, detection can be done by sending specially crafted HTTP requests to the affected web application and checking if the input is reflected in the response without proper neutralization.
Example commands to detect this vulnerability could include using curl or similar tools to send payloads that include script tags or typical XSS test strings and inspecting the response for reflected input.
- curl -i "http://targetsite.com/page?param=<script>alert('XSS')</script>"
- Observe the HTTP response for the presence of the injected script tag without encoding or sanitization.
- Use browser developer tools or intercepting proxies (e.g., Burp Suite) to analyze responses for reflected input.
Additionally, applying Patchstackβs mitigation rules or scanning with security tools that detect reflected XSS vulnerabilities can help identify exploitation attempts or vulnerable endpoints.