Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
7DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.
AnalysisAI
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the imithemes Gaea WordPress theme affecting versions prior to 3.8, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform actions on behalf of users, or redirect visitors to malicious sites. No CVSS score or EPSS data is currently available, and active exploitation status via KEV has not been confirmed, but the XSS classification and public disclosure via Patchstack suggest this represents a moderate to significant risk for WordPress installations using affected Gaea theme versions.
Technical ContextAI
The imithemes Gaea theme (CPE: cpe:2.3:a:imithemes:gaea:*:*:*:*:*:*:*:*) is a WordPress theme that fails to properly sanitize and validate user-supplied input before rendering it in HTML responses. This results in a Reflected XSS vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The root cause is the absence of adequate output encoding or input validation in one or more template files or request handlers within the theme. Reflected XSS vulnerabilities require the victim to click a specially crafted link containing the malicious payload, making them dependent on social engineering but generally easier to exploit than stored variants. WordPress themes are loaded on every page request, making them high-impact targets for XSS exploitation.
RemediationAI
Upgrade the imithemes Gaea theme to version 3.8 or later immediately through the WordPress theme management interface or directly from the theme vendor. This is the primary remediation and should be prioritized. Until patching can be completed, implement Content Security Policy (CSP) headers via WordPress plugins or server configuration to restrict script execution from untrusted sources, enable WordPress security headers (X-Frame-Options, X-Content-Type-Options), and educate site administrators and users against clicking suspicious links from untrusted sources. For high-risk installations, consider temporarily disabling the theme or switching to an alternative until patching is feasible. Verify patching completion by checking the active theme version in the WordPress admin panel under Appearance > Themes.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15880
GHSA-fwhh-xq86-2529