CVE-2026-27402
Deferred - Pending Action

Unauthenticated XSS in Kids Life WordPress Plugin


Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.


Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Executive Summary

The vulnerability is an unauthenticated Cross Site Scripting (XSS) issue in the Kids Life | Children School WordPress Theme version 5.2 or below.

It allows attackers to inject malicious scripts into the website, which then execute when visitors access the site.

This type of attack can be triggered without authentication, meaning anyone can exploit it.

Impact Analysis

Exploitation of this vulnerability can lead to attackers executing malicious scripts on your website.

This can result in theft of user data, session hijacking, defacement of the website, or distribution of malware to visitors.

Because the vulnerability has a CVSS score of 7.1, it represents a moderate risk and could be used in widespread attack campaigns.

Mitigation Strategies

The vulnerability affects the Kids Life | Children School WordPress Theme version 5.2 or below and allows Cross Site Scripting (XSS) attacks.

Since there is no official patch available yet, the immediate mitigation is to apply the Patchstack mitigation rule, which blocks attacks until an official fix is released.

Users are advised to update the theme immediately to a version above 5.2 once available.

If unable to update the theme, seek assistance from your hosting provider or developer to implement temporary protections.
