Thecs 1.4.7 and earlier allows malicious scripts to run on users' browsers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Thecs 1.4.7 and earlier allows malicious scripts to run on users' browsers

CVE-2026-22440

Summary

A security issue in Thecs versions 1.4.7 and earlier allows attackers to inject malicious code into web pages viewed by other users. This can lead to unauthorized actions being performed on the users' accounts or devices. To fix this issue, update to the latest version of Thecs or apply a patch if available.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through <= ...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/thecs/vulnerability/wordpress-th...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026