Reflected XSS Vulnerability in Themebox by Jthemes
CVE-2025-52747
7.1 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 27 May 2026
What is CVE-2025-52747?
Themebox - Digital Products Ecommerce by Jthemes contains a reflected cross-site scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. An attacker can use this flaw to execute malicious scripts in the context of an unsuspecting user's browser, potentially leading to data theft or account compromise. The issue affects versions of the product up to and including 1.4.2, which underlines the importance of prompt updates and secure coding practices.
Affected Version(s)
Themebox - Digital Products Ecommerce <= 1.4.2
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program