Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
AnalysisAI
A reflected cross-site scripting (XSS) vulnerability exists in the ArtstudioWorks Brookside WordPress theme through version 1.4. An attacker can inject malicious scripts that execute in victims' browsers when they click a specially crafted link, potentially leading to session hijacking, credential theft, or defacement. The CVSS score of 7.1 indicates high severity with a changed scope, and this vulnerability was disclosed by Patchstack as a database entry.
Technical ContextAI
This vulnerability affects the ArtstudioWorks Brookside WordPress theme (CPE: cpe:2.3:a:artstudioworks:brookside:*:*:*:*:*:*:*:*) through version 1.4. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning the theme fails to properly sanitize or encode user-supplied input before reflecting it back in HTML responses. In WordPress themes, this typically occurs when URL parameters, search queries, or other user inputs are directly embedded into page output without proper escaping functions like esc_html() or esc_url(). The reflected nature means the malicious payload is not stored server-side but must be delivered to victims through external means such as phishing emails or malicious websites.
RemediationAI
Website administrators should immediately update the Brookside theme to a patched version newer than 1.4 if available from ArtstudioWorks or through the WordPress theme repository. Check the Patchstack advisory at https://patchstack.com/database/wordpress/theme/brookside/vulnerability/wordpress-brookside-theme-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve for the latest remediation guidance and confirmed safe versions. If an update is not yet available, consider temporarily switching to an alternative WordPress theme until a patch is released. As an interim mitigation, implement a Web Application Firewall (WAF) with XSS filtering rules, enable Content Security Policy (CSP) headers to restrict script execution, and educate users about not clicking suspicious links. Administrators should also review server logs for signs of exploitation attempts targeting the theme's vulnerable input parameters.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208865