Skip to main content

Prague

1 CVEs product

Monthly

CVE-2025-15654 HIGH This Week

Reflected cross-site scripting in Fox-themes Prague (WordPress theme/plugin family) through version 2.2.8 lets a remote attacker inject script that executes in a victim's browser when the victim clicks an attacker-crafted link. The flaw was disclosed via Patchstack and carries a CVSS 7.1 (scope-changed) rating; no public exploit identified at time of analysis and the issue is not on CISA KEV.

XSS Prague
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in Fox-themes Prague (WordPress theme/plugin family) through version 2.2.8 lets a remote attacker inject script that executes in a victim's browser when the victim clicks an attacker-crafted link. The flaw was disclosed via Patchstack and carries a CVSS 7.1 (scope-changed) rating; no public exploit identified at time of analysis and the issue is not on CISA KEV.

XSS Prague
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy