CVE-2025-69153
Deferred Deferred - Pending Action

Unauthenticated Cross Site Scripting in Trendy Travel

Vulnerability report for CVE-2025-69153, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack trendy_travel_theme to 6.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Trendy Travel Theme, versions 6.7 and below, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means attackers can inject malicious scripts, such as redirects or HTML payloads, into the website. These scripts execute when visitors access the site, potentially compromising user data or site functionality.

Exploitation requires user interaction, like clicking a malicious link or visiting a crafted page, and often targets users with privileged roles.

Impact Analysis

This vulnerability can lead to attackers executing malicious scripts on your website, which may result in unauthorized actions such as stealing user credentials, redirecting users to malicious sites, or defacing the website.

Because the vulnerability has a CVSS score of 7.1, it poses a moderate risk and could be exploited in widespread attacks affecting many websites.

Successful exploitation typically requires user interaction and can compromise confidentiality, integrity, and availability of the affected site.

Mitigation Strategies

The WordPress Trendy Travel Theme versions 6.7 and below are vulnerable to a Cross Site Scripting (XSS) attack.

As there is no official patch available yet, immediate mitigation involves applying the Patchstack mitigation rule to block attacks until an official fix is released.

Other recommended steps include updating the theme when a patch becomes available or seeking assistance from your hosting provider or developer to implement protective measures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69153. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart