{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22438", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:22:12.277Z", "datePublished": "2026-03-05T05:53:41.015Z", "dateUpdated": "2026-04-28T17:10:52.452Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "thebi", "product": "TheBi", "vendor": "foreverpinetree", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:22.820Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.<p>This issue affects TheBi: from n/a through <= 1.0.5.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0.5."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:43.992Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/thebi/vulnerability/wordpress-thebi-theme-1-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T16:24:24.908947Z", "id": "CVE-2026-22438", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:10:52.452Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22438", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:22:12.277Z", "datePublished": "2026-03-05T05:53:41.015Z", "dateUpdated": "2026-04-28T17:10:52.452Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "thebi", "product": "TheBi", "vendor": "foreverpinetree", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:22.820Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.<p>This issue affects TheBi: from n/a through <= 1.0.5.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0.5."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:43.992Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/thebi/vulnerability/wordpress-thebi-theme-1-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22438", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T16:24:24.908947Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:24:18.005Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0.5."}, {"lang": "es", "value": "Neutralizaci\u00f3n Inadecuada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') vulnerabilidad en foreverpinetree TheBi thebi permite XSS Reflejado. Este problema afecta a TheBi: desde n/a hasta &lt;= 1.0.5."}], "id": "CVE-2026-22438", "lastModified": "2026-04-22T21:26:58.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T06:16:18.270", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/thebi/vulnerability/wordpress-thebi-theme-1-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TheBi", "source": "cna", "vendor": "foreverpinetree"}, "product": "thebi", "vendor": "foreverpinetree"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-17T12:53:35.827722+00:00", "value": {"mitigation_remediation": ["Update the WordPress TheBi theme to a release newer than 1.0.5, which removes the reflected XSS flaw.", "If an updated theme is unavailable, remove or deactivate the theme to eliminate the vulnerable code path.", "Implement content\u2011security\u2011policy headers or deploy a web\u2011application firewall that blocks or sanitizes suspicious script content to provide a temporary shield against reflected XSS attacks."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting (Reflected XSS)"}, "threat_synthesis": {"affected_systems": "All installations of the foreverpinetree TheBi theme with version 1.0.5 or older are impacted. Sites that use this theme and have not applied a later update are therefore at risk.", "description_and_impact": "The flaw originates from improper neutralization of user input during page rendering in the WordPress TheBi theme. It enables an attacker to inject arbitrary JavaScript that executes in a victim\u2019s browser when the corresponding page is displayed. Attackers can leverage this to steal session cookies, deface content, or deliver malware. The vulnerability affects the theme as well as any earlier releases, meaning that sites running the vulnerable theme are exposed to the potential of code injection within the rendered page. The likely attack vector involves a crafted link that, when visited by a user, triggers the malicious payload; this is inferred from the reflected nature of the XSS and the requirement for user interaction.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity flaw. The EPSS metric of less than 1% suggests the likelihood of exploitation in the immediate future is low, and the vulnerability does not appear in CISA's KEV catalog. Typical exploitation would involve a malicious or crafted link that, when followed by a victim, causes the reflected payload to execute. This approach requires user interaction, and is inferred from the nature of reflected XSS; attackers do not need elevated privileges on the host. The threat is confined to user interactions with inadvertently loaded content; attackers do not appear to require elevated privileges on the host."}}}}, "created": "2026-03-06T15:14:18.774303+00:00", "updated": "2026-04-17T13:00:12.018817+00:00", "vendors": ["foreverpinetree", "foreverpinetree$PRODUCT$thebi", "wordpress", "wordpress$PRODUCT$wordpress"]}