Cross-site Scripting Vulnerability in Ofiz WordPress Business Consulting Theme
CVE-2025-31072

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ofiz - WordPress Business Consulting Theme
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-31072?

A vulnerability in the Ofiz - WordPress Business Consulting Theme allows attackers to exploit improper neutralization of user input, enabling reflected Cross-site Scripting (XSS). This flaw poses a risk to users and website visitors by allowing malicious scripts to be executed in the context of users' web browsers. As a result, cybercriminals could potentially hijack sessions, redirect users, or steal sensitive information. Users of affected versions should take immediate action to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ofiz - WordPress Business Consulting Theme <= 2.0

References

https://patchstack.com/database/wordpress/theme/ofiz/vuln...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

JSON

WordPress