Cross-site Scripting Vulnerability in ThemeNectar Salient Portfolio
CVE-2025-68078

Currently unrated

Key Information:

Vendor

WordPress
Status
Salient Portfolio
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68078?

The Salient Portfolio theme by ThemeNectar is vulnerable to a Cross-site Scripting (XSS) attack due to improper input sanitization during web page generation. This allows attackers to inject malicious scripts, which can be executed in the context of the user's browser. The vulnerability affects versions of Salient Portfolio from its inception up to and including version 1.8.2, which can lead to unauthorized actions being performed on behalf of unsuspecting users.

Affected Version(s)

Salient Portfolio <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/salie...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68078 : Cross-site Scripting Vulnerability in ThemeNectar Salient Portfolio