Cross-site Scripting Vulnerability in Ofiz WordPress Business Consulting Theme
CVE-2025-31072
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2025
What is CVE-2025-31072?
A vulnerability in the Ofiz - WordPress Business Consulting Theme allows attackers to exploit improper neutralization of user input, enabling reflected Cross-site Scripting (XSS). This flaw poses a risk to users and website visitors by allowing malicious scripts to be executed in the context of users' web browsers. As a result, cybercriminals could potentially hijack sessions, redirect users, or steal sensitive information. Users of affected versions should take immediate action to mitigate this risk.
Affected Version(s)
Ofiz - WordPress Business Consulting Theme <= 2.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)