Skip to main content

Jaroti

1 CVEs product

Monthly

CVE-2026-25304 HIGH PATCH This Week

A reflected Cross-site Scripting (XSS) vulnerability exists in the Skygroup Jaroti WordPress theme through version 1.4.7, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to execute arbitrary JavaScript in the context of victim browsers. Affected users should upgrade to Jaroti version 1.4.8 or later to remediate the vulnerability; no CVSS score or EPSS data is currently available, and no KEV or POC confirmation has been documented in accessible threat intelligence sources.

XSS Jaroti
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A reflected Cross-site Scripting (XSS) vulnerability exists in the Skygroup Jaroti WordPress theme through version 1.4.7, allowing attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to execute arbitrary JavaScript in the context of victim browsers. Affected users should upgrade to Jaroti version 1.4.8 or later to remediate the vulnerability; no CVSS score or EPSS data is currently available, and no KEV or POC confirmation has been documented in accessible threat intelligence sources.

XSS Jaroti
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy