Skip to main content

Qubely

1 CVEs product

Monthly

CVE-2026-39638 MEDIUM This Month

Stored cross-site scripting (XSS) in Themeum Qubely WordPress plugin version 1.8.14 and earlier allows authenticated high-privilege users to inject malicious scripts that execute in the browsers of other site visitors, compromising session integrity and enabling credential theft or malware distribution. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk, but stored persistence means injected payloads remain active until remediated. EPSS exploitation probability is extremely low at 0.03%, suggesting minimal real-world targeting despite public disclosure.

XSS Qubely
NVD
CVSS 3.1
5.9
EPSS
0.0%
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored cross-site scripting (XSS) in Themeum Qubely WordPress plugin version 1.8.14 and earlier allows authenticated high-privilege users to inject malicious scripts that execute in the browsers of other site visitors, compromising session integrity and enabling credential theft or malware distribution. The vulnerability requires administrator authentication and user interaction (UI:R), limiting immediate risk, but stored persistence means injected payloads remain active until remediated. EPSS exploitation probability is extremely low at 0.03%, suggesting minimal real-world targeting despite public disclosure.

XSS Qubely
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy