Cross-site Scripting Vulnerability in WeMusic by NooTheme
CVE-2025-53585

7.1 HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published: 6 November 2025

What is CVE-2025-53585?

A Cross-site Scripting (XSS) vulnerability exists in the WeMusic theme developed by NooTheme, which allows attackers to inject malicious scripts into web pages. This reflected XSS issue affects users running WeMusic version 1.9.1 and earlier, enabling adversaries to exploit the flaw by crafting malicious URLs that users might unknowingly visit. Successful exploitation can lead to unauthorized access to sensitive information and the potential for further attacks on users' accounts.

Affected Version(s)

WeMusic <= n/a

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program