Gaea
Monthly
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the imithemes Gaea WordPress theme affecting versions prior to 3.8, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform actions on behalf of users, or redirect visitors to malicious sites. No CVSS score or EPSS data is currently available, and active exploitation status via KEV has not been confirmed, but the XSS classification and public disclosure via Patchstack suggest this represents a moderate to significant risk for WordPress installations using affected Gaea theme versions.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the imithemes Gaea WordPress theme affecting versions prior to 3.8, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform actions on behalf of users, or redirect visitors to malicious sites. No CVSS score or EPSS data is currently available, and active exploitation status via KEV has not been confirmed, but the XSS classification and public disclosure via Patchstack suggest this represents a moderate to significant risk for WordPress installations using affected Gaea theme versions.