Reflected XSS Vulnerability in Traveler Theme by ShineTheme
CVE-2025-64372

Currently unrated

Key Information:

Vendor

WordPress
Status
Traveler
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64372?

A Cross-site Scripting (XSS) vulnerability exists in the Traveler Theme developed by ShineTheme, allowing attackers to execute arbitrary JavaScript in users' browsers through reflected input. This issue particularly affects versions of the theme preceding 3.2.6, potentially exposing users to harmful scripts that can compromise their sessions or extract sensitive information. Website administrators should prioritize updating to the latest version to mitigate this security risk.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64372 : Reflected XSS Vulnerability in Traveler Theme by ShineTheme