CVE-2025-67618
Received Received - Intake
Reflected XSS in ArtstudioWorks Brookside up to

Publication date: 2026-03-19

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67618
EUVD
EUVD-2025-208865
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artstudioworks brookside From 1.0 (inc) to 1.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67618 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Brookside Theme versions up to and including 1.4.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the affected theme.

These malicious scripts execute when visitors access the compromised site, potentially leading to widespread exploitation.

The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 7.1, indicating moderate severity.

Exploitation does not require authentication but does require a privileged user to perform an action like clicking a malicious link, visiting a crafted page, or submitting a form.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to attackers injecting and executing malicious scripts on your website, which can cause several harmful effects.'}, {'type': 'list_item', 'content': 'Redirecting visitors to malicious or phishing sites.'}, {'type': 'list_item', 'content': 'Displaying unwanted advertisements or malicious content.'}, {'type': 'list_item', 'content': 'Stealing sensitive information from users through script execution.'}, {'type': 'paragraph', 'content': "Such exploitation can damage your website's reputation, compromise user data, and potentially lead to further security breaches."}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a reflected Cross Site Scripting (XSS) issue in the WordPress Brookside Theme up to version 1.4. Detection typically involves monitoring for unusual or malicious script injections in web requests or responses related to the affected theme.

Since no official patch is available, detection can be aided by applying mitigation rules from Patchstack that block attacks targeting this vulnerability.

Specific commands are not provided in the available resources, but common approaches include using web vulnerability scanners or manual inspection of HTTP requests and responses for suspicious script payloads in URLs, forms, or headers related to the Brookside theme.

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released.

Users are advised to implement this mitigation immediately or seek assistance from their hosting provider or web developer to apply the necessary protections.

Additionally, exercising caution by limiting privileged user interactions with untrusted links or pages can reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67618. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart