PatchSiren

UX-themes CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH UX-themes CVE published 2026-07-13

CVE-2026-57729

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:39.657Z and has not been modified since then. This Missing Authorization vulnerability in UX-themes Flatsome, affecting versions from n/a through <= 3.20.5, allows for Exploiting Incorrectly Configured Access Control Security Levels. Users of UX-themes Flatsome, especially those with versio [truncated]

HIGH UX-themes CVE published 2026-07-13

CVE-2026-57728

CVE-2026-57728 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Flatsome theme for WordPress. The issue affects Flatsome versions from n/a through 3.20.5. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, arising from improper neutralization of input during web page generation. Users of Flatsome theme version 3.20.5 or earlier should apply [truncated]