Skip to main content

Avante

1 CVEs product

Monthly

CVE-2025-68524 HIGH This Week

Reflected cross-site scripting in the Avante WordPress theme versions prior to 3.0.5 allows unauthenticated remote attackers to inject script that executes in a victim's browser when the victim clicks a crafted link. Reported by Patchstack with CVSS 7.1 (scope-changed), no public exploit identified at time of analysis, but the unauthenticated nature and prevalence of WordPress themes makes this a practical phishing/account-takeover lure against site visitors and logged-in administrators.

XSS Avante
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the Avante WordPress theme versions prior to 3.0.5 allows unauthenticated remote attackers to inject script that executes in a victim's browser when the victim clicks a crafted link. Reported by Patchstack with CVSS 7.1 (scope-changed), no public exploit identified at time of analysis, but the unauthenticated nature and prevalence of WordPress themes makes this a practical phishing/account-takeover lure against site visitors and logged-in administrators.

XSS Avante
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy