CVE-2025-50007
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-50007, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-26

Assigner: Patchstack

Description

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jthemes xsmart to 1.2.9.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-50007 is a high-priority privilege escalation vulnerability in the WordPress xSmart Theme (versions up to and including 1.2.9.4). It allows a malicious user with low-level privileges (like a Subscriber or Developer) to escalate their privileges to higher levels, potentially gaining full control over the affected website. This vulnerability is related to incorrect privilege assignment and is classified under OWASP Top 10 A7: Identification and Authentication Failures. [1]

Impact Analysis

This vulnerability can allow an attacker with limited access to escalate their privileges and gain full control over your WordPress website using the xSmart Theme. This could lead to unauthorized changes, data theft, site defacement, or further exploitation of the website, severely compromising the security and integrity of your site. [1]

Mitigation Strategies

Since no official fix is available yet, you should immediately apply the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability. This mitigation helps protect your WordPress xSmart Theme installations until an official patch is released. [1]

Compliance Impact

The provided resources do not specify how this privilege escalation vulnerability in the xSmart WordPress theme directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system. However, Patchstack has issued a mitigation rule to block attacks exploiting this vulnerability until an official patch is available. Users are advised to apply this mitigation immediately to protect their websites. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart