CVE-2025-6743: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xTemos Woodmart
Description
The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-26T18:03:38.612Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686cc0a16f40f0eb72f236dc
Added to database: 7/8/2025, 6:54:25 AM
Last updated: 7/8/2025, 6:54:25 AM
Related Threats
- CVE-2025-7166: SQL Injection in code-projects Responsive Blog Site (Medium)
- CVE-2025-6746: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in xTemos Woodmart (High)
- CVE-2025-7165: SQL Injection in PHPGurukul Cyber Cafe Management System (Medium)
- CVE-2025-7327: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in techlabpro1 Widget for Google Reviews (High)
- CVE-2025-7164: SQL Injection in PHPGurukul Cyber Cafe Management System (Medium)