CVE-2026-25355
Received Received - Intake
Stored XSS in Sanzo < 2.4.3 Allows Persistent Script Injection

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25355
EUVD
EUVD-2026-15673
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
skygroup sanzo to 2.4.3 (exc)
patchstack sanzo to 2.4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25355 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress Sanzo Theme versions prior to 2.4.3.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the vulnerable theme.

These malicious scripts execute when visitors access the compromised site, potentially causing harm or unauthorized actions.

Exploitation requires a privileged user role (such as a subscriber or developer) to perform an action like clicking a malicious link, visiting a crafted page, or submitting a form, which triggers the XSS attack.

The vulnerability falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject and execute malicious scripts on your website visitors' browsers.

Such scripts could redirect users to malicious sites, display unwanted advertisements, steal sensitive information, or perform other harmful actions.

Because the attack requires a privileged user role and user interaction, it can be exploited in targeted or mass campaigns affecting websites regardless of their traffic or popularity.

If exploited, it can damage your website's reputation, compromise user trust, and potentially lead to further security breaches.

Detection Guidance

This vulnerability involves stored Cross Site Scripting (XSS) in the WordPress Sanzo Theme versions prior to 2.4.3, where malicious scripts can be injected and executed when visitors access the site.

Detection typically involves checking if your site is running a vulnerable version of the Sanzo Theme (below 2.4.3) and monitoring for suspicious script injections or unexpected HTML payloads in user-submitted content or stored data.

While no specific commands are provided, common approaches include:

  • Review the installed theme version via WordPress admin dashboard or by checking the theme's style.css file.
  • Use web vulnerability scanners that detect XSS vulnerabilities in WordPress themes.
  • Manually inspect user input fields and stored content for suspicious scripts or HTML tags.
  • Monitor web server logs for unusual requests or payloads that may indicate exploitation attempts.
Mitigation Strategies

The primary and recommended mitigation is to update the WordPress Sanzo Theme to version 2.4.3 or later, which patches this stored XSS vulnerability.

Until the update can be applied, Patchstack provides mitigation rules that can be implemented to block attacks targeting this vulnerability.

  • Update the Sanzo Theme to version 2.4.3 or later immediately.
  • Apply Patchstack's mitigation rules to block exploitation attempts.
  • Limit user roles and privileges to reduce the risk of exploitation, especially for subscriber or developer roles.
  • Monitor your website for suspicious activity or signs of script injection.
Compliance Impact

The provided information does not specify how the CVE-2026-25355 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25355. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart