CVE-2025-10737

Name of the Vulnerable Software and Affected Versions Genesis Framework theme for WordPress versions up to and including 3.6.0

Description The Open Source Genesis Framework theme for WordPress is susceptible to Stored Cross-Site Scripting through its shortcodes. Insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.

Recommendations Update the Genesis Framework theme to a version newer than 3.6.0.