Skip to main content

Mydecor

1 CVEs product

Monthly

CVE-2026-25352 HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup MyDecor WordPress theme affecting versions prior to 1.5.9. An unauthenticated attacker can inject malicious JavaScript code through unvalidated user input parameters in web requests, which is then reflected back to victims in the HTTP response without proper sanitization or encoding. This allows attackers to execute arbitrary JavaScript in a victim's browser within the context of the affected website, potentially leading to session hijacking, credential theft, or malware distribution.

XSS Mydecor
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup MyDecor WordPress theme affecting versions prior to 1.5.9. An unauthenticated attacker can inject malicious JavaScript code through unvalidated user input parameters in web requests, which is then reflected back to victims in the HTTP response without proper sanitization or encoding. This allows attackers to execute arbitrary JavaScript in a victim's browser within the context of the affected website, potentially leading to session hijacking, credential theft, or malware distribution.

XSS Mydecor
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy