Cross-site Scripting Vulnerability in TieLabs Jannah Theme
CVE-2025-64207

7.1HIGH

Key Information:

Vendor: WordPress
Status: Jannah
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64207?

The TieLabs Jannah theme is affected by a Cross-site Scripting (XSS) vulnerability that arises from improper neutralization of input during web page generation. This vulnerability opens up opportunities for attackers to inject malicious scripts into web pages viewed by users. As a result, these scripts can execute in the context of a victim's browser session, potentially leading to unauthorized data exposure or session hijacking. Users of the Jannah theme, particularly those using versions equal to or below 7.6.0, should take immediate measures to secure their websites against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jannah <= n/a

References

https://patchstack.com/database/Wordpress/Theme/jannah/vu...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

JSON

WordPress