CVE-2026-25006

Name of the Vulnerable Software and Affected Versions 8theme XStore versions through 9.6.4

Description The software contains a flaw due to improper neutralization of script-related HTML tags on a web page, leading to a Basic Cross-Site Scripting (XSS) condition. This allows for code injection. The issue is related to how the application handles user-supplied input, potentially enabling an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations Update 8theme XStore to a version later than 9.6.4.