Skip to main content

Fitness Zone Wordpress Theme

1 CVEs product

Monthly

CVE-2025-69155 HIGH This Week

Reflected/unauthenticated Cross-Site Scripting in the Fitness Zone WordPress theme (versions 5.7 and earlier) by designthemes allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or request. The scope-change (S:C) rating indicates the injected script can affect resources beyond the vulnerable component, such as hijacking authenticated admin sessions. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw was reported by Patchstack.

WordPress XSS Fitness Zone Wordpress Theme
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/unauthenticated Cross-Site Scripting in the Fitness Zone WordPress theme (versions 5.7 and earlier) by designthemes allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or request. The scope-change (S:C) rating indicates the injected script can affect resources beyond the vulnerable component, such as hijacking authenticated admin sessions. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw was reported by Patchstack.

WordPress XSS Fitness Zone Wordpress Theme
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy