Skip to main content

Spalab Beauty Salon Wordpress Theme

1 CVEs product

Monthly

CVE-2025-69154 HIGH This Week

Reflected/unauthenticated Cross-Site Scripting in the designthemes SpaLab | Beauty Salon WordPress theme (all versions up to and including 6.7) allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted request or link. The CVSS 3.1 score of 7.1 reflects a scope-changing (S:C) client-side impact requiring no authentication (PR:N) but user interaction (UI:R). No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not supplied in the input.

WordPress XSS Spalab Beauty Salon Wordpress Theme
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/unauthenticated Cross-Site Scripting in the designthemes SpaLab | Beauty Salon WordPress theme (all versions up to and including 6.7) allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted request or link. The CVSS 3.1 score of 7.1 reflects a scope-changing (S:C) client-side impact requiring no authentication (PR:N) but user interaction (UI:R). No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not supplied in the input.

WordPress XSS Spalab Beauty Salon Wordpress Theme
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy