Reflected Cross-Site Scripting Vulnerability in Rara Theme UltraLight
CVE-2025-23998

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ultralight
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability has been identified in the Rara Theme UltraLight, allowing for reflected cross-site scripting (XSS) attacks. This issue arises due to improper neutralization of input during the generation of web pages, posing risks to users when they interact with maliciously crafted URLs. The vulnerability affects all versions of the theme up to 1.2, enabling attackers to inject arbitrary scripts into pages viewed by users, potentially leading to data theft and session hijacking.

Affected Version(s)

UltraLight <= 1.2

References

https://patchstack.com/database/wordpress/theme/the-ultra...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

justakazh (Patchstack Alliance)