CVE-2025-50007
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-26
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jthemes | xsmart | to 1.2.9.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-50007 is a high-priority privilege escalation vulnerability in the WordPress xSmart Theme (versions up to and including 1.2.9.4). It allows a malicious user with low-level privileges (like a Subscriber or Developer) to escalate their privileges to higher levels, potentially gaining full control over the affected website. This vulnerability is related to incorrect privilege assignment and is classified under OWASP Top 10 A7: Identification and Authentication Failures. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with limited access to escalate their privileges and gain full control over your WordPress website using the xSmart Theme. This could lead to unauthorized changes, data theft, site defacement, or further exploitation of the website, severely compromising the security and integrity of your site. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix is available yet, you should immediately apply the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability. This mitigation helps protect your WordPress xSmart Theme installations until an official patch is released. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this privilege escalation vulnerability in the xSmart WordPress theme directly affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system. However, Patchstack has issued a mitigation rule to block attacks exploiting this vulnerability until an official patch is available. Users are advised to apply this mitigation immediately to protect their websites. [1]