PT-2026-21129 · Unknown · Designthemes Core Features
Published
2026-02-20
·
Updated
2026-02-22
·
CVE-2025-69302
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
DesignThemes Core Features versions prior to 2.3
Description
A flaw exists in DesignThemes Core Features that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper handling of user-supplied data during web page creation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is
designthemes-core-features.Recommendations
Update DesignThemes Core Features to a version newer than 2.3.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Designthemes Core Features