How to fix CVE-2025-69367?

Within 24 hours: Audit all WordPress installations using Oyster theme and document affected sites. Within 7 days: Implement Web Application Firewall (WAF) rules to block XSS payloads, disable unnecessary theme features if possible, and consider switching to an alternative theme if XSS vectors are critical to your site functionality. Within 30 days: Monitor vendor communications for patch availability, establish a patch deployment process, and maintain enhanced logging for security event detection.

Is PHP affected by CVE-2025-69367?

Organizations using the GT3themes Oyster WordPress photography theme are exposed to a cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts and compromise website visitors' data or sessions.

CVE-2025-69367

HIGH

2026-02-20 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 16:22 nvd

HIGH 7.1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3.

Analysis

GT3themes Oyster - Photography WordPress Theme oyster is affected by cross-site scripting (xss) (CVSS 7.1).

Technical Context

This vulnerability (CWE-79: Cross-site Scripting (XSS)) affects GT3themes Oyster - Photography WordPress Theme oyster. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3.

Affected Products

Product: GT3themes Oyster - Photography WordPress Theme oyster.

Remediation

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2025-69367 vulnerability details – vuln.today

Back

CVE-2025-69367

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69367

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code