CVE-2026-25033
Received Received - Intake
Reflected XSS in Motta Addons UIxthemes Before

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uixthemes Motta Addons motta-addons allows Reflected XSS.This issue affects Motta Addons: from n/a through < 1.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25033
EUVD
EUVD-2026-15633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uixthemes motta_addons to 1.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-25033 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-25033 is a medium priority Cross Site Scripting (XSS) vulnerability affecting the WordPress Motta Addons Plugin versions prior to 1.6.1.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the plugin.

These malicious scripts execute when visitors access the compromised site.

Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form.

The vulnerability is classified under OWASP Top 10 A3: Injection.

Impact Analysis

This vulnerability can lead to attackers injecting and executing malicious scripts on your website, which can result in unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.

Such exploitation can compromise the integrity and trustworthiness of your website, potentially harming your users and your reputation.

Since exploitation requires privileged user interaction, attackers might trick authorized users into performing actions that trigger the malicious scripts.

Detection Guidance

This vulnerability is a reflected Cross Site Scripting (XSS) issue in the Motta Addons WordPress plugin prior to version 1.6.1. Detection typically involves monitoring for suspicious HTTP requests that include malicious script payloads targeting the plugin's input fields or URLs.

While specific commands are not provided in the resources, common detection methods include using web application scanners or manual testing by sending crafted requests containing typical XSS payloads (e.g., <script>alert(1)</script>) to the affected plugin endpoints.

Network monitoring tools or intrusion detection systems (IDS) can be configured to look for patterns of reflected XSS attacks, such as unusual script tags in URL parameters or form submissions.

Mitigation Strategies

The primary immediate mitigation step is to update the Motta Addons WordPress plugin to version 1.6.1 or later, where the vulnerability has been patched.

Until the update can be applied, users can implement mitigation rules provided by Patchstack to block attacks targeting this vulnerability.

Additionally, enabling automatic mitigation and auto-update options offered by Patchstack can help protect the system from exploitation.

It is also advisable to educate privileged users about the risk of clicking on suspicious links or submitting untrusted forms, as exploitation requires user interaction.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25033. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart