Description
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Published: 2026-06-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated Cross Site Scripting flaw (CWE-79) in the NanoMag WordPress theme versions 1.8 and below. It allows an attacker to inject and execute arbitrary JavaScript within the context of the site, potentially impacting users by hijacking sessions, defacing content, or enabling other malicious actions.

Affected Systems

The affected product is the Jellywp NanoMag WordPress theme, versions 1.8 and earlier. Sites using these releases are vulnerable until the theme is upgraded to a patched version.

Risk and Exploitability

The CVSS score of 7.1 classifies the flaw as high severity. The EPSS score is not available, so the exploitation probability cannot be quantified. The vulnerability is not listed in CISA's KEV catalog. Because the flaw is unauthenticated and does not require special privileges or network access, an attacker can trigger it by loading a crafted URL or submitting malicious input through the theme's interfaces from any browser.

Generated by OpenCVE AI on June 26, 2026 at 18:06 UTC.

Remediation

Vendor Solution

Update the WordPress NanoMag Theme to the latest available version (at least 1.9).

OpenCVE Recommended Actions

  • Update the NanoMag theme to version 1.9 or later.
  • If an immediate update is not possible, temporarily disable the theme on affected sites.
  • Add a web‑application firewall rule or enforce a content security policy to block or sanitize script‑like input targeting the theme.

Generated by OpenCVE AI on June 26, 2026 at 18:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Title WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:32:55.876Z

Reserved: 2026-06-24T12:45:08.530Z

Link: CVE-2026-57325

cve-icon Vulnrichment

Updated: 2026-06-26T15:32:51.435Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T18:15:04Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')