Qreatix
Monthly
Reflected/stored cross-site scripting in the Qreatix WordPress theme (versions 1.9.4 and earlier) allows remote unauthenticated attackers to inject arbitrary script that executes in a victim's browser after the victim interacts with a crafted link or page. The flaw is reported by Patchstack and tracked as EUVD-2025-210188; no public exploit identified at time of analysis and no CISA KEV listing. CVSS scope-change rating (7.1) reflects impact on a separate security authority - typically the WordPress admin session of a logged-in user lured to the payload.
Reflected/stored cross-site scripting in the Qreatix WordPress theme (versions 1.9.4 and earlier) allows remote unauthenticated attackers to inject arbitrary script that executes in a victim's browser after the victim interacts with a crafted link or page. The flaw is reported by Patchstack and tracked as EUVD-2025-210188; no public exploit identified at time of analysis and no CISA KEV listing. CVSS scope-change rating (7.1) reflects impact on a separate security authority - typically the WordPress admin session of a logged-in user lured to the payload.