CVE-2026-39548
Deferred Deferred - Pending Action
Unauthenticated XSS in MagOne <= 9.0

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-39548
EUVD
EUVD-2026-37476
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack magone to 9.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the unauthenticated Cross Site Scripting (XSS) vulnerability in MagOne versions 9.0 and below impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress MagOne Theme versions 9.0 and below. It allows attackers to inject malicious scripts into the website, which execute when visitors access the site. This can happen when a user interacts with a crafted link or page, potentially leading to redirects or unwanted advertisements.

The vulnerability is unauthenticated, meaning it can be exploited without prior authentication, but typically requires user interaction such as clicking a malicious link. It has a CVSS score of 7.1, indicating a moderate level of risk.

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website visitors' browsers. This can lead to unauthorized redirects, display of unwanted advertisements, or other malicious actions that compromise user experience and trust.

Because the attack requires user interaction, such as clicking a malicious link, it can be used in mass campaigns targeting many websites. The impact includes potential loss of visitors, damage to reputation, and possible exploitation of user data through injected scripts.

Detection Guidance

This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress MagOne Theme versions 9.0 and below. Detection typically involves monitoring for suspicious script injections or unusual redirects on the affected website.

Since the vulnerability requires user interaction such as clicking a malicious link or visiting a crafted page, network detection can include inspecting HTTP requests for suspicious payloads targeting the theme.

Specific commands are not provided in the available resources, but common approaches include using web vulnerability scanners or manual testing by attempting to inject scripts into input fields or URL parameters related to the MagOne theme.

Mitigation Strategies

The recommended immediate mitigation is to update the WordPress MagOne Theme to version 9.1 or later, which contains the fix for this XSS vulnerability.

Until the update can be applied, Patchstack has provided a mitigation rule to block attacks exploiting this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart