Unauthenticated XSS Vulnerability in Artale Wedding Photography Theme by WordPress
CVE-2025-69152
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2025-69152?
An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the Artale Wedding Photography WordPress theme for versions 2.2.2 and earlier. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or any other malicious action that can be executed in the context of the user's browser. It is crucial for users of this theme to apply the necessary updates to safeguard their websites against potential exploits.
Affected Version(s)
Artale | Wedding Photography WordPress <= 2.2.2
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program