CVE-2025-7726
BaseFortify
Publication date: 2025-08-09
Last updated on: 2025-08-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the7 | theme | * |
| woocommerce | woocommerce | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7726 is a Stored Cross-Site Scripting (XSS) vulnerability in The7 WordPress theme up to version 12.6.0. It occurs because the theme's JavaScript reads user-supplied 'title' and 'data-dt-img-description' attributes directly without proper sanitization or escaping, then inserts them into the page's HTML. This allows authenticated users with Contributor-level access or higher to inject malicious scripts that execute whenever someone views the affected page.
How can this vulnerability impact me? :
This vulnerability can allow attackers with Contributor-level access to inject arbitrary JavaScript into pages, which can execute in the browsers of users who view those pages. This can lead to theft of user credentials, session hijacking, defacement, or distribution of malware, compromising the security and integrity of the affected website and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) in The7 WordPress theme versions up to 12.6.0, specifically via the lightbox rendering code that improperly handles 'title' and 'data-dt-img-description' attributes. To detect it, you can scan your WordPress installation to check the theme version and look for injected scripts in pages accessible by users. Commands to check the theme version include: `wp theme list --status=active` (using WP-CLI) to confirm if The7 theme is active and its version. Additionally, you can search for suspicious script tags in the database or page source, for example, by querying the WordPress database for posts containing script tags in these attributes or by using web vulnerability scanners that detect stored XSS. However, no specific detection commands are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating The7 WordPress theme to a version later than 12.6.0, as the vulnerability affects all versions up to and including 12.6.0. The changelog indicates that versions up to 12.7.0 include multiple fixes and improvements, so upgrading to the latest available version is recommended. Additionally, restrict Contributor-level access if possible, as the vulnerability requires authenticated users with Contributor-level access or higher to exploit. Applying security best practices such as input sanitization and output escaping in custom code and monitoring for suspicious activity is also advised. [1]