CVE-2025-10295

The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-10295

CVE-2025-10295 affects the Angel – Fashion Model Agency WordPress Theme (versions up to and including 3.2.3). The vulnerability is a Stored Cross-Site Scripting flaw in the profile media uploader caused by insufficient input sanitization and output escaping. It requires authenticated access at su...

WordPress Angel theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Theme Angel versions = 3.2.3...

WordPress Angel Theme <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Angel Type Theme Vulnerable versions = 3.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-10295 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 731931b06fd6 Credits WordFence Required privilege...