Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.6 views

CVE-2025-50007

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS5.4AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.4 views

CVE-2025-50006

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through = 1.2.9.4...

7.1CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.5 views

CVE-2025-54002

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through = 1.2.9.4...

6.5CVSS5.4AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-50006

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through = 1.2.9.4...

7.1CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-50007

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-54002

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through = 1.2.9.4...

6.5CVSS0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.3 views

CVE-2025-54002

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS5.3AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.2 views

CVE-2025-54002 WordPress xSmart theme <= 1.2.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through = 1.2.9.4...

6.5CVSS5.9AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.8 views

CVE-2025-54002

CVE-2025-54002: WordPress xSmart theme

6.5CVSS5.4AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.20 views

CVE-2025-54002 WordPress xSmart theme <= 1.2.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through = 1.2.9.4...

6.5CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.9 views

CVE-2025-50007

CVE-2025-50007 is an Incorrect Privilege Assignment vulnerability in the WordPress theme xSmart (Jthemes) affecting versions up to and including 1.2.9.4. Red Hat and NVD entries, mirrored by CVE lists (CVE-2025-50007) and the PatchStack advisory, describe it as a Privilege Escalation risk. The ro...

8.8CVSS5.4AI score0.00405EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.19 views

CVE-2025-50007 WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.1 views

CVE-2025-50006 WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through = 1.2.9.4...

7.1CVSS5.9AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.1 views

CVE-2025-50006

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through = 1.2.9.4...

6.1CVSS5.3AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.20 views

CVE-2025-50006 WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through = 1.2.9.4...

7.1CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.2 views

CVE-2025-50007 WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS5.9AI score0.00405EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.11 views

CVE-2025-50006

CVE-2025-50006 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress theme/collection item Jthemes xSmart (xsmart) , affecting versions up to and including 1.2.9.4 . The issue arises from improper handling/neutralization of user-supplied input during web page generation, enabli...

7.1CVSS5.4AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.3 views

CVE-2025-50007

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

8.8CVSS5.3AI score0.00405EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin xSmart has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.4 views

PT-2026-3982

Name of the Vulnerable Software and Affected Versions Jthemes xSmart versions through 1.2.9.4 Description A flaw exists in Jthemes xSmart that allows for Reflected Cross-Site Scripting XSS. This issue arises from improper handling of user-supplied input during web page generation. The vulnerabili...

5.3AI score0.0023EPSS
Exploits0References3
Rows per page
Query Builder