Cross-site Scripting Vulnerability in Fox-themes Prague Plugin
CVE-2025-15654
7.1HIGH
What is CVE-2025-15654?
The Fox-themes Prague plugin for WordPress is vulnerable to Reflected Cross-site Scripting (XSS) attacks due to improper input neutralization during web page generation. This flaw can allow attackers to inject malicious scripts, potentially compromising user data and session security. All versions up to and including 2.2.8 are affected, making it essential for users to apply updates and take necessary precautions to mitigate risks associated with this vulnerability.
Affected Version(s)
Prague <= 2.2.8
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program