Skip to main content

Cerato

1 CVEs product

Monthly

CVE-2025-58920 HIGH This Week

Reflected cross-site scripting in Zootemplate Cerato WordPress theme versions through 2.2.18 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers through crafted malicious links. Successful exploitation requires user interaction (victim must click attacker-controlled URL). Attack enables session hijacking, credential theft, and defacement within changed security context. No public exploit identified at time of analysis.

XSS Cerato
NVD
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in Zootemplate Cerato WordPress theme versions through 2.2.18 allows unauthenticated attackers to execute arbitrary JavaScript in victim browsers through crafted malicious links. Successful exploitation requires user interaction (victim must click attacker-controlled URL). Attack enables session hijacking, credential theft, and defacement within changed security context. No public exploit identified at time of analysis.

XSS Cerato
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy