CVE-2026-22440 PUBLISHED

WordPress Thecs theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Assigner: Patchstack
Reserved: 07.01.2026 Published: 05.03.2026 Updated: 05.03.2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through <= 1.4.7.

Product Status

Vendor foreverpinetree
Product Thecs
Versions Default: unaffected
  • affected from n/a to <= 1.4.7 (incl.)

Credits

  • Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program finder

References

Problem Types

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE

Impacts

  • Reflected XSS