Unauthenticated XSS Vulnerability in MagOne Theme by Patchstack
CVE-2026-39548

7.1HIGH

Key Information:

Vendor: WordPress
Status: Magone
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-39548?

The MagOne theme for WordPress has a security flaw that allows unauthenticated users to execute malicious scripts via reflected Cross Site Scripting (XSS). This vulnerability affects versions up to 9.0, enabling potential attackers to manipulate user sessions and compromise site security.

Affected Version(s)

MagOne <= 9.0

References

https://patchstack.com/database/wordpress/theme/magone/vu...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2026-39548 Data

JSON