All 4 CVE vulnerabilities found in xSmart, with AI-generated Chinese analysis, references, and POCs.
Vendor: Jthemes
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2025-54002 | WordPress xSmart theme <= 1.2.9.4 - Broken Access Control vulnerability CWE-862 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-50007 | WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability CWE-266 | 7.8AI | HighAI | 2026-01-22 |
| CVE-2025-50006 | WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 | 7.1 | High | 2026-01-22 |
| CVE-2025-62936 | WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability CWE-80 | 4.3 | Medium | 2025-10-27 |
All 4 known CVE vulnerabilities affecting xSmart with full Chinese analysis, references, and POCs where available.