How serious is CVE-2026-28132?

This vulnerability has a CVSS score of 5.3 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-28132?

Check the official CVE details for a complete list of affected products and versions.

How do I fix CVE-2026-28132?

To remediate CVE-2026-28132, check for security patches from the vendor. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-28132

Medium

|5.3

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to inject malicious code into web pages displayed by the WooCommerce Photo Reviews plugin, potentially leading to unauthorized actions or data theft from users. It affects versions up to 1.4.4, and an attacker would need to find a way to submit harmful content that the plugin does not properly filter.

Technical Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactLow

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$724($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Feb 26, 2026

about 1 month ago

Last Modified

Feb 27, 2026

about 1 month ago