CVE-2026-27359

Name of the Vulnerable Software and Affected Versions fox-themes Awa Plugins versions through 1.4.4

Description The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The vulnerability exists in the awa-plugins component. The issue allows attackers to execute arbitrary JavaScript code in the context of a user's browser. The vulnerable component does not properly sanitize user-supplied input before including it in the generated web page, which enables the injection of malicious scripts.

Recommendations Update fox-themes Awa Plugins to a version later than 1.4.4.