CVE-2026-25355
Stored XSS in Sanzo < 2.4.3 Allows Persistent Script Injection
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| skygroup | sanzo | to 2.4.3 (exc) |
| patchstack | sanzo | to 2.4.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25355 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Sanzo Theme versions prior to 2.4.3.
This vulnerability allows attackers to inject malicious scriptsβsuch as redirects, advertisements, or other HTML payloadsβinto websites using the vulnerable theme.
These malicious scripts execute when visitors access the compromised site, potentially causing harm or unauthorized actions.
Exploitation requires a privileged user role (such as a subscriber or developer) to perform an action like clicking a malicious link, visiting a crafted page, or submitting a form, which triggers the XSS attack.
The vulnerability falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to inject and execute malicious scripts on your website visitors' browsers.
Such scripts could redirect users to malicious sites, display unwanted advertisements, steal sensitive information, or perform other harmful actions.
Because the attack requires a privileged user role and user interaction, it can be exploited in targeted or mass campaigns affecting websites regardless of their traffic or popularity.
If exploited, it can damage your website's reputation, compromise user trust, and potentially lead to further security breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored Cross Site Scripting (XSS) in the WordPress Sanzo Theme versions prior to 2.4.3, where malicious scripts can be injected and executed when visitors access the site.
Detection typically involves checking if your site is running a vulnerable version of the Sanzo Theme (below 2.4.3) and monitoring for suspicious script injections or unexpected HTML payloads in user-submitted content or stored data.
While no specific commands are provided, common approaches include:
- Review the installed theme version via WordPress admin dashboard or by checking the theme's style.css file.
- Use web vulnerability scanners that detect XSS vulnerabilities in WordPress themes.
- Manually inspect user input fields and stored content for suspicious scripts or HTML tags.
- Monitor web server logs for unusual requests or payloads that may indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation is to update the WordPress Sanzo Theme to version 2.4.3 or later, which patches this stored XSS vulnerability.
Until the update can be applied, Patchstack provides mitigation rules that can be implemented to block attacks targeting this vulnerability.
- Update the Sanzo Theme to version 2.4.3 or later immediately.
- Apply Patchstack's mitigation rules to block exploitation attempts.
- Limit user roles and privileges to reduce the risk of exploitation, especially for subscriber or developer roles.
- Monitor your website for suspicious activity or signs of script injection.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-25355 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.