PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-39507 Themeisle CVE debrief

CVE-2026-39507 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in Social Slider Feed <= 2.3.2 versions. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-39507). The vulnerability was last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-39507).

Vendor
Themeisle
Product
Social Slider Feed
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-15
Original CVE updated
2026-06-15
Advisory published
2026-06-15
Advisory updated
2026-06-15

Who should care

Users of Social Slider Feed plugin versions <= 2.3.2 should update to a patched version to prevent exploitation of this vulnerability.

Technical summary

The vulnerability is an Unauthenticated Cross Site Scripting (XSS) vulnerability in Social Slider Feed <= 2.3.2 versions. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.

Defensive priority

HIGH

Recommended defensive actions

  • Update Social Slider Feed plugin to a version greater than 2.3.2.
  • Review and apply patches provided by the vendor.

Evidence notes

Evidence for this CVE was provided by Patchstack.

Official resources

CVE-2026-39507 was published on 2026-06-15T21:16:45.607Z and last modified on 2026-06-15T21:24:32.790Z.