3 matches found
CVE-2025-31428
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through = 2.8...
CVE-2025-31428
CVE-2025-31428 describes an unpatched Reflected Cross-Site Scripting (XSS) in the BuddhaThemes HYDRO WordPress theme (versions n/a through 2.8). The vulnerability arises from improper neutralization of user input during web page generation, enabling an attacker to inject scripts via a reflected p...
WordPress HYDRO Theme <= 2.8 is vulnerable to Cross Site Scripting (XSS)
Software HYDRO Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31428 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d4b1bd6f0305 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...