Skip to main content

Magone

1 CVEs product

Monthly

CVE-2026-39548 HIGH This Week

Reflected cross-site scripting in the MagOne WordPress theme versions 9.0 and earlier allows remote unauthenticated attackers to inject arbitrary script into a victim's browser session when the victim is lured to a crafted link. CVSS rates this 7.1 with a scope change (S:C), reflecting the ability to affect resources beyond the vulnerable component such as the authenticated WordPress session. No public exploit identified at time of analysis, but Patchstack has published the advisory in their WordPress vulnerability database.

XSS Magone
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the MagOne WordPress theme versions 9.0 and earlier allows remote unauthenticated attackers to inject arbitrary script into a victim's browser session when the victim is lured to a crafted link. CVSS rates this 7.1 with a scope change (S:C), reflecting the ability to affect resources beyond the vulnerable component such as the authenticated WordPress session. No public exploit identified at time of analysis, but Patchstack has published the advisory in their WordPress vulnerability database.

XSS Magone
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy