CVE-2026-27426
Deferred Deferred - Pending Action

Unauthenticated XSS in Automotive Car Dealership Business

Vulnerability report for CVE-2026-27426, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Automotive Car Dealership Business Theme, versions 13.3.3 and below, is vulnerable to a Cross Site Scripting (XSS) attack.

This vulnerability allows attackers to inject malicious scripts such as redirects or advertisements into the website by exploiting user interaction with a crafted link, page, or form.

Successful exploitation requires a privileged user to interact with the malicious content.

Impact Analysis

This vulnerability has a medium priority with a CVSS score of 7.1, indicating it is moderately dangerous.

If exploited, attackers can inject malicious scripts that may redirect users or display unwanted advertisements, potentially compromising user trust and website integrity.

It could be exploited in mass-exploit campaigns targeting thousands of websites, increasing the risk of widespread impact.

Mitigation Strategies

The vulnerability affects the WordPress Automotive Car Dealership Business Theme versions 13.3.3 and below and allows Cross Site Scripting (XSS) attacks.

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks until an official patch is released.

It is advised to update the affected theme to a fixed version once available or seek assistance from your hosting provider or a web developer to implement protective measures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27426. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart