PT-2026-3987 · WordPress · Jthemes Xsmart
Published
2026-01-22
·
Updated
2026-01-25
·
CVE-2025-54002
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Jthemes xSmart versions through 1.2.9.4
Description
An issue exists in Jthemes xSmart related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation of access control.
Recommendations
Update Jthemes xSmart to a version later than 1.2.9.4.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jthemes Xsmart