Cross-Site Scripting Vulnerability in ThemeGoods Photography Product
CVE-2025-64217

Currently unrated

Key Information:

Vendor

WordPress
Status
Photography
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64217?

A Cross-Site Scripting (XSS) vulnerability has been identified in the ThemeGoods Photography product, enabling attackers to inject malicious scripts into web pages. This vulnerability affects all versions up to 7.7.2, allowing for potential exploitation through reflected XSS attacks. Website administrators are advised to apply the necessary patches and maintain updated security measures to protect against potential threats.

Affected Version(s)

Photography <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/photo...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64217 : Cross-Site Scripting Vulnerability in ThemeGoods Photography Product