CVE-2025-69343
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in Theater for WordPress Plugin

Publication date: 2026-03-05

Last updated on: 2026-03-10

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69343
EUVD
EUVD-2025-208308
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jeroen_schmit theater_for_wordpress From 0.0 (inc) to 0.19 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-69343 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress plugin "Theater for WordPress" versions up to and including 0.19.'}, {'type': 'paragraph', 'content': 'This vulnerability allows a malicious actor to inject and execute arbitrary scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”on websites using the affected plugin.'}, {'type': 'paragraph', 'content': 'Exploitation requires user interaction by a privileged user (Subscriber or Developer role), who must perform an action like clicking a malicious link, visiting a crafted page, or submitting a form.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'The vulnerability can allow attackers to execute arbitrary scripts on your website, which can lead to unauthorized actions such as redirects to malicious sites, displaying unwanted advertisements, or stealing sensitive information.'}, {'type': 'paragraph', 'content': "Since exploitation requires interaction by a privileged user, it can compromise trusted users' sessions and potentially lead to further security breaches."}, {'type': 'paragraph', 'content': "This can damage your website's integrity, user trust, and overall security posture."}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves Stored Cross-Site Scripting (XSS) in the Theater for WordPress plugin, which requires user interaction by privileged users. Detection typically involves monitoring for unusual script injections or unexpected HTML payloads executed in the context of the affected website.

While specific commands are not provided in the available resources, common detection methods include scanning the website for suspicious input fields or stored content that may contain malicious scripts, and reviewing web server logs for unusual requests or payloads.

Additionally, using web vulnerability scanners that support detection of stored XSS vulnerabilities on WordPress plugins can help identify exploitation attempts.

Mitigation Strategies

The primary immediate mitigation step is to update the Theater for WordPress plugin to version 0.19.1 or later, where the vulnerability has been patched.

Until the plugin is updated, users are advised to apply the automatic mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Enabling auto-update functionality for the plugin can also help ensure that future vulnerabilities are patched promptly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69343. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart