Reflected XSS Vulnerability in the Spare Theme by Meton
CVE-2025-31638

7.1HIGH

Key Information:

Vendor: WordPress
Status: Spare
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-31638?

The Spare theme by Meton has a reflected Cross-site Scripting (XSS) vulnerability that stems from improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious scripts, which can be executed in the browser of unsuspecting users who visit the affected web pages. It is critical for users of Spare versions from n/a to 1.7 to implement proper security measures to mitigate potential risks.

Affected Version(s)

Spare <= 1.7

References

https://patchstack.com/database/wordpress/theme/spare/vul...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)