CVE-2025-64197 is a Stored Cross-site Scripting (XSS) vulnerability identified in the sizam Rehub WordPress theme, affecting all versions prior to 19.9.9.1. The vulnerability stems from improper neutralization of user input during the generation of web pages, allowing malicious scripts to be stored persistently within the website content. When a victim visits a compromised page, the injected script executes in their browser context, potentially enabling attackers to steal session cookies, perform actions on behalf of the user, deface the website, or redirect users to malicious domains. The vulnerability is classified as Stored XSS, which is more dangerous than reflected XSS due to its persistence and wider impact. No CVSS score has been assigned yet, and no known exploits have been reported in the wild, but the vulnerability is publicly disclosed and published by Patchstack. The Rehub theme is widely used for affiliate marketing, price comparison, and e-commerce websites, making it a valuable target for attackers seeking to compromise user trust and data integrity. The lack of a patch link indicates that users must monitor vendor updates closely. The vulnerability requires no authentication and can be exploited via crafted input fields that are improperly sanitized before being rendered on the page. This increases the risk of exploitation by unauthenticated attackers. The vulnerability affects the confidentiality and integrity of user data and the availability of the website if defacement or malicious redirects occur.

For European organizations, especially those operating e-commerce, affiliate marketing, or content-heavy websites using the Rehub theme, this vulnerability could lead to significant reputational damage and loss of customer trust. Attackers exploiting the Stored XSS could hijack user sessions, steal sensitive information, or manipulate website content, potentially leading to financial fraud or data breaches. The persistent nature of Stored XSS means that once the malicious payload is injected, all visitors to the affected pages are at risk until the vulnerability is remediated. This could also lead to regulatory compliance issues under GDPR if personal data is compromised. Additionally, website defacement or redirection to malicious sites could result in downtime and loss of revenue. The impact is heightened in sectors with high user interaction and sensitive transactions, such as retail, finance, and media. Given the widespread use of WordPress and the popularity of the Rehub theme in Europe, the threat surface is considerable.

Organizations should prioritize updating the Rehub theme to version 19.9.9.1 or later as soon as the patch becomes available from the vendor. Until an official patch is released, implement strict input validation and sanitization on all user inputs that are rendered on web pages, using security libraries or plugins that enforce context-aware escaping. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. Regularly audit website content for suspicious or unauthorized scripts and monitor logs for unusual activity. Educate website administrators and developers about secure coding practices to prevent similar vulnerabilities. Additionally, consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting WordPress themes. Backup website data regularly to enable quick restoration in case of compromise. Finally, maintain an incident response plan to address potential exploitation swiftly.