CVE-2025-67618 | EUVD-2025-208865 | HIGH (CVSS 3.1 base score 7.1)
Published 2026-03-19 | Source: Patchstack

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Mar 19, 2026 - 09:00  Analysis Generated (vuln.today)
Mar 19, 2026 - 09:00  EUVD ID Assigned (euvd): EUVD-2025-208865
Mar 19, 2026 - 08:31  CVE Published (nvd), rated HIGH 7.1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS. This issue affects Brookside: from n/a through 1.4.

Analysis

A reflected cross-site scripting (XSS) vulnerability exists in the ArtstudioWorks Brookside WordPress theme through version 1.4. The theme copies request input into its HTML output without escaping it, so an attacker can build a link that, when a victim opens it, runs attacker-controlled JavaScript in the victim's browser on the affected site's origin. Because WordPress marks its authentication cookies HttpOnly, the practical outcome is usually not cookie theft but script acting as the victim: for a logged-in editor or administrator that means authenticated changes to the site made through its own pages and REST API, and for any visitor it means captured form input or a defaced page. The CVSS 3.1 score of 7.1 (High) reflects an unauthenticated, network-reachable, low-complexity attack that needs one user interaction and changes scope from the vulnerable web application to the victim's browser, with low impact on confidentiality, integrity and availability. The entry was published by Patchstack, which is listed as the source for this CVE.

Technical Context

This vulnerability affects the ArtstudioWorks Brookside WordPress theme (CPE: cpe:2.3:a:artstudioworks:brookside:*:*:*:*:*:*:*:*) through version 1.4. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation): the theme reflects user-supplied input into an HTML response without encoding it for the context in which it lands. In WordPress themes this usually means a value taken from $_GET, $_POST or $_SERVER['REQUEST_URI'] (a search term, a pagination or filter parameter, the current URL echoed into a canonical or share link) concatenated into template output without the matching escaping function: esc_html() for element text, esc_attr() for attribute values, esc_url() for href and src values, and esc_js() for inline script. Neither this page nor the CVE description identifies the affected parameter or template file. Because the payload is reflected rather than stored, it exists only in the crafted request: the attacker must get the victim to open the URL, typically through a phishing message or a link on a site the attacker controls, which is why the vector carries UI:R. The S:C component records that the damage occurs in the victim's browser rather than in the vulnerable server component itself.
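The following is an added example, not code from the Brookside theme or from ArtstudioWorks: a WordPress template fragment with the reflection pattern described above, beside its hardened form. The parameter name s, the function names and the markup are assumptions, since this page does not identify the actual vulnerable parameter. The esc_*() stand-ins are defined only when the real WordPress functions are absent, so the file can be run from the PHP CLI to see the difference in output.

```php
<?php
/**
 * Added example, not code from the Brookside theme or ArtstudioWorks: the
 * reflected-XSS pattern behind CWE-79 in a WordPress template, shown as a
 * vulnerable fragment beside its hardened form. The parameter name `s`, the
 * function names and the markup are assumptions; this page does not identify
 * the theme's actual vulnerable parameter or template file.
 *
 * Stand-ins for esc_html(), esc_attr() and esc_url() are defined only when
 * the real WordPress functions are absent, so the file runs from the CLI
 * (php reflected_xss_example.php). They approximate the real functions with
 * htmlspecialchars(); inside WordPress the theme must use the real ones.
 */

if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_url' ) ) {
    function esc_url( $url ) {
        // The real esc_url() also normalises the URL; this stand-in only
        // refuses script-bearing schemes and escapes the rest for an attribute.
        $url = trim( (string) $url );
        if ( preg_match( '/^(javascript|data|vbscript):/i', $url ) ) {
            return '';
        }
        return htmlspecialchars( $url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

/**
 * Vulnerable pattern: a request parameter is concatenated into three HTML
 * contexts (element text, attribute value, href) with no escaping at all.
 */
function search_header_vulnerable( array $get ): string {
    $term = isset( $get['s'] ) ? (string) $get['s'] : '';
    return '<h1 class="search-title">Results for: ' . $term . '</h1>' . "\n"
        . '<input type="text" name="s" value="' . $term . '">' . "\n"
        . '<a href="' . $term . '">Search again</a>';
}

/**
 * Hardened pattern: the same output, but each copy of the input is escaped
 * for the context it lands in. In a real theme, also pass the raw value
 * through wp_unslash() and sanitize_text_field() before using it.
 */
function search_header_fixed( array $get ): string {
    $term = isset( $get['s'] ) ? (string) $get['s'] : '';
    return '<h1 class="search-title">Results for: ' . esc_html( $term ) . '</h1>' . "\n"
        . '<input type="text" name="s" value="' . esc_attr( $term ) . '">' . "\n"
        . '<a href="' . esc_url( $term ) . '">Search again</a>';
}

// Constructed probes, as they would arrive in ?s=... from a crafted link.
$probes = [
    'attribute breakout' => '"><img src=x onerror=alert(document.domain)>',
    'script tag'         => '<script>alert(1)</script>',
    'javascript: href'   => 'javascript:alert(1)',
];

foreach ( $probes as $label => $payload ) {
    echo "== $label ==\n";
    echo "vulnerable:\n", search_header_vulnerable( [ 's' => $payload ] ), "\n";
    echo "fixed:\n", search_header_fixed( [ 's' => $payload ] ), "\n\n";
}
```

Run it with php reflected_xss_example.php and compare the two renderings of each probe: in the vulnerable output the first probe closes the value attribute and injects an img element whose onerror handler runs, while in the fixed output the same bytes appear as inert &quot; and &lt; entities. The third probe shows why esc_attr() alone is not enough for an href: it would leave javascript:alert(1) syntactically intact, whereas esc_url() rejects the scheme.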

Affected Products

The affected product is the ArtstudioWorks Brookside WordPress theme, identified by the CPE cpe:2.3:a:artstudioworks:brookside:*:*:*:*:*:*:*:*. The CPE names the product only; the version range comes from the advisory, which gives it as "n/a through 1.4", meaning every release up to and including 1.4 is treated as affected and no safe lower bound has been established. The Patchstack entry is at https://patchstack.com/database/wordpress/theme/brookside/vulnerability/wordpress-brookside-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve. Any WordPress site with Brookside 1.4 or earlier installed and active is exposed. An inactive copy is not loaded by WordPress, but files under wp-content/themes remain reachable by direct URL unless the web server blocks them, so inactive copies should be updated or deleted as well.

Remediation

Update the Brookside theme to a version newer than 1.4 as soon as ArtstudioWorks ships one, obtaining it through the channel the theme was originally purchased or downloaded from. This page does not state a fixed version, so check the Patchstack advisory at https://patchstack.com/database/wordpress/theme/brookside/vulnerability/wordpress-brookside-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve for the confirmed safe release. If no fix is available, either switch to a maintained theme or patch the template locally by wrapping the reflected output in the escaping function for its context (esc_html(), esc_attr() or esc_url()), and record the change so it is re-applied or dropped when the vendor update arrives. As interim controls: put the site behind a Web Application Firewall with XSS rules, which blocks common probes but is bypassable and is no substitute for the fix; add a Content Security Policy, bearing in mind that a policy strict enough to stop injected inline script also blocks the inline scripts most WordPress themes and plugins emit, so deploy it in report-only mode first; and warn users about unsolicited links to the site. Review web server access logs for GET requests whose query string carries URL-encoded markup such as %3Cscript, onerror%3D or javascript%3A. A reflection fed by a POST body leaves only the URL in a standard access log, so absence of hits there is not proof of absence.
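For the log review step above, here is an added example (not from this page, the theme or Patchstack): a PHP CLI script that scans combined-format access-log lines for reflected-XSS probes in the query string. Because the affected parameter is not named on this page, it checks every parameter rather than one. The four log lines embedded in it are constructed for the example, using documentation IP ranges.

```php
<?php
/**
 * Added example, not from this page, the Brookside theme or Patchstack:
 * a CLI scanner that flags reflected-XSS probes in a web server access log
 * (Apache/nginx combined format). Every query-string parameter is checked,
 * because this page does not identify the theme's affected parameter.
 *
 * Usage: php scan_xss_probes.php /var/log/apache2/access.log
 *        php scan_xss_probes.php            (runs on the embedded sample lines)
 *
 * Limitation: a reflection fed from a POST body leaves only the URL in the
 * access log, so such probes are invisible here.
 */

// Markers typical of XSS probes, applied to URL-decoded parameter values.
const XSS_PATTERNS = [
    '/<\s*script/i',
    '/<\s*(img|svg|iframe|body|input|details|object|embed)\b/i',
    '/\bon[a-z]+\s*=/i',     // onerror=, onload=, onmouseover=, ...
    '/javascript\s*:/i',
    '/\bsrcdoc\s*=/i',
];

/**
 * Returns [ parameter => decoded value ] for every suspicious parameter in
 * one log line, or [] when the line has no query string or nothing matches.
 */
function xss_probe_params( string $line ): array {
    if ( ! preg_match( '/"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP\/[\d.]+"/', $line, $m ) ) {
        return [];
    }
    $query = parse_url( $m[1], PHP_URL_QUERY );
    if ( ! is_string( $query ) || $query === '' ) {
        return [];
    }

    $hits = [];
    foreach ( explode( '&', $query ) as $pair ) {
        [ $name, $value ] = array_pad( explode( '=', $pair, 2 ), 2, '' );
        // Decode twice: probes are often double-encoded to slip past naive filters.
        $decoded = urldecode( urldecode( $value ) );
        foreach ( XSS_PATTERNS as $pattern ) {
            if ( preg_match( $pattern, $decoded ) ) {
                $hits[ urldecode( $name ) ] = $decoded;
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample lines (documentation IP ranges, fictional timestamps).
$sample_lines = [
    '203.0.113.5 - - [19/Mar/2026:10:01:02 +0000] "GET /?s=brookside+gallery HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Mar/2026:10:02:15 +0000] "GET /?s=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Mar/2026:10:02:16 +0000] "GET /?s=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 5290 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Mar/2026:10:03:00 +0000] "GET /wp-content/themes/brookside/style.css HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
];

$lines = $sample_lines;
if ( isset( $argv[1] ) ) {
    $lines = file( $argv[1], FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES );
    if ( $lines === false ) {
        fwrite( STDERR, "cannot read {$argv[1]}\n" );
        exit( 1 );
    }
}

$found = 0;
foreach ( $lines as $i => $line ) {
    $hits = xss_probe_params( $line );
    if ( $hits !== [] ) {
        $found++;
        printf( "line %d: %s\n", $i + 1, json_encode( $hits, JSON_UNESCAPED_SLASHES ) );
    }
}
printf( "%d suspicious request(s) in %d line(s)\n", $found, count( $lines ) );
```

On the embedded sample the script reports lines 2 and 3 (the single-encoded script tag and the double-encoded attribute breakout) and ignores the benign search and the stylesheet request. Treat its output as a triage list, not a verdict: a legitimate search containing markup will also match, and a probe aimed at a parameter the theme reflects from a POST body will not appear at all.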

Priority Score

36
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
