Reflected XSS Vulnerability in Traveler Theme by ShineTheme
CVE-2025-64372

7.1HIGH

Key Information:

Vendor: WordPress
Status: Traveler
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64372?

A Cross-site Scripting (XSS) vulnerability exists in the Traveler Theme developed by ShineTheme, allowing attackers to execute arbitrary JavaScript in users' browsers through reflected input. This issue particularly affects versions of the theme preceding 3.2.6, potentially exposing users to harmful scripts that can compromise their sessions or extract sensitive information. Website administrators should prioritize updating to the latest version to mitigate this security risk.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

JSON