TheBi Software Allows Malicious Code to Run on Your Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

TheBi Software Allows Malicious Code to Run on Your Browser

CVE-2026-22438

Summary

TheBi software has a security flaw that allows hackers to inject malicious code into your web browser. This means that if you visit a website that uses TheBi, a hacker could potentially trick your browser into doing something it shouldn't, like revealing personal information or taking control of your account. Update to the latest version of TheBi to fix this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= ...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/thebi/vulnerability/wordpress-th...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026