CVE-2026-25350
Received Received - Intake
Reflected XSS in Miti < 1.5.3 Allows Webpage Injection

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25350
EUVD
EUVD-2026-15665
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
skygroup miti to 1.5.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25350 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Miti Theme versions prior to 1.5.3.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the vulnerable theme.

These injected scripts execute when visitors access the compromised site, potentially causing harm or unwanted behavior.

The vulnerability is classified under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can lead to attackers executing malicious scripts on your website, which may result in unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.

Such exploitation can compromise the security and integrity of your website and negatively affect your visitors' experience.

The CVSS severity score is 7.1, indicating a moderate level of danger with potential for widespread exploitation.

Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page, but does not require prior authentication.

Detection Guidance

CVE-2026-25350 is a reflected Cross Site Scripting (XSS) vulnerability affecting the WordPress Miti Theme versions prior to 1.5.3. Detection typically involves identifying malicious script injections in web page inputs or URLs that reflect back unsanitized input.

While no specific commands are provided, common detection methods include using web vulnerability scanners or manual testing by injecting typical XSS payloads (e.g., <script>alert(1)</script>) into URL parameters or form inputs and observing if the script executes.

Network monitoring tools can also be used to detect suspicious HTTP requests containing typical XSS attack patterns.

Mitigation Strategies

The primary mitigation step is to update the Miti Theme to version 1.5.3 or later, which contains the patch for this vulnerability.

Until the update can be applied, users are advised to implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

If immediate updating is not possible, seek assistance from your hosting provider or web developer to apply temporary protections.

Compliance Impact

CVE-2026-25350 is a reflected Cross Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into websites using the vulnerable Miti Theme. Such vulnerabilities can lead to unauthorized access to user data or manipulation of website content, which may result in breaches of data protection and privacy requirements.

Because reflected XSS can be exploited to steal sensitive information or perform actions on behalf of users without their consent, it can impact compliance with regulations like GDPR and HIPAA that mandate protection of personal and health information.

Organizations using the affected Miti Theme versions prior to 1.5.3 should update promptly to mitigate risks and maintain compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart