Arbitrary Shortcode Execution in REHub WordPress Theme by ThemeForest
CVE-2025-7366

7.3 HIGH

What is CVE-2025-7366?

The REHub - Price Comparison, Multi Vendor Marketplace WordPress Theme is vulnerable to arbitrary shortcode execution due to improper validation of user input. Unauthenticated attackers can exploit this flaw to execute potentially malicious shortcodes, which could compromise site integrity and expose sensitive data. All versions up to and including 19.9.7 are affected, and affected sites warrant urgent updates and security measures.

Affected Version(s)

REHub - Price Comparison, Multi Vendor Marketplace WordPress Theme: <= 19.9.7

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Rollings