CVE-2026-56072
Deferred Deferred - Pending Action

Unauthenticated XSS in WoodMart Theme

Vulnerability report for CVE-2026-56072, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack woodmart to 8.5.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated Cross Site Scripting (XSS) issue found in the WordPress WoodMart Theme versions up to and including 8.5.3.

It allows attackers to inject malicious scripts into the website, which can execute when a user interacts with the site, such as by clicking a malicious link or visiting a crafted page.

The injected scripts can perform actions like redirects or displaying unwanted advertisements.

This vulnerability has a CVSS score of 7.1, indicating a moderate level of risk.

Detection Guidance

This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress WoodMart Theme versions up to 8.5.3. Detection typically involves monitoring for suspicious script injections or unusual redirects on affected websites.

While no specific commands are provided in the resources, common detection methods include reviewing web server logs for unusual query strings or payloads, using web vulnerability scanners that detect XSS, or applying Patchstack's mitigation rules which may include detection signatures.

Impact Analysis

Exploitation of this vulnerability can lead to attackers injecting malicious scripts into your website, potentially causing harm to your users and your site's reputation.

  • Users may be redirected to malicious websites.
  • Attackers can display unwanted advertisements or other harmful content.
  • It may result in loss of user trust and damage to your brand.

Since the vulnerability requires user interaction, the risk depends on users clicking malicious links or visiting crafted pages.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in WoodMart versions up to 8.5.3 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate recommended step is to update the WoodMart Theme to version 8.5.4 or later, where the vulnerability has been patched.

Until the update can be applied, users are advised to implement the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart