CVE-2026-57325
Deferred Deferred - Pending Action
Unauthenticated XSS in NanoMag <= 1.8

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57325
EUVD
EUVD-2026-39737
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack nanomag to 1.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated Cross Site Scripting (XSS) issue found in the WordPress NanoMag Theme versions 1.8 and below.

It allows attackers to inject malicious scripts into websites using the vulnerable theme. These scripts can execute harmful actions such as redirects, displaying unwanted advertisements, or running other malicious HTML payloads when visitors access the affected site.

The vulnerability can be exploited without authentication but requires user interaction, like clicking a malicious link or visiting a specially crafted page.

The issue is considered medium priority with a CVSS score of 7.1 and is fixed by updating the theme to version 1.9 or later.

Impact Analysis

Exploitation of this vulnerability can lead to attackers injecting malicious scripts into your website, which can cause several harmful effects.

  • Visitors to your site may be redirected to malicious or unwanted websites.
  • Attackers can display unwanted advertisements or other harmful content on your site.
  • Malicious scripts could potentially steal user data or perform other harmful actions, impacting the integrity and trustworthiness of your website.

Since the vulnerability can be exploited by unauthenticated users and requires only user interaction, it poses a moderate risk, especially in mass exploitation campaigns targeting many websites.

Detection Guidance

The vulnerability is a Cross Site Scripting (XSS) issue in WordPress NanoMag Theme versions 1.8 and below, which allows attackers to inject malicious scripts. Detection typically involves monitoring for suspicious HTTP requests containing malicious payloads or unusual script injections.

While specific commands are not provided in the resources, common detection methods include using web application firewalls (WAF) with rules to detect XSS payloads, inspecting web server logs for suspicious query parameters or POST data, and using security scanners that can test for XSS vulnerabilities.

Patchstack has provided a mitigation rule to block attacks until the update is applied, which can also help in detecting attempted exploit attempts.

Mitigation Strategies

The immediate and recommended step to mitigate this vulnerability is to update the WordPress NanoMag Theme to version 1.9 or later, where the issue is resolved.

Until the update can be applied, applying the mitigation rule provided by Patchstack to block attack attempts is advised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57325. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart