Skip to main content

Mymedi

1 CVEs product

Monthly

CVE-2026-25351 HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup MyMedi WordPress theme that allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects MyMedi versions prior to 1.7.7, and an attacker can leverage reflected XSS to steal session cookies, redirect users to malicious sites, or perform actions on behalf of the victim. No active exploitation in the wild has been confirmed, but the vulnerability was publicly disclosed via Patchstack with technical details available.

XSS Mymedi
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the skygroup MyMedi WordPress theme that allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects MyMedi versions prior to 1.7.7, and an attacker can leverage reflected XSS to steal session cookies, redirect users to malicious sites, or perform actions on behalf of the victim. No active exploitation in the wild has been confirmed, but the vulnerability was publicly disclosed via Patchstack with technical details available.

XSS Mymedi
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy