{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25355", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:48.540Z", "datePublished": "2026-03-25T16:14:44.356Z", "dateUpdated": "2026-03-25T20:23:36.012Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "sanzo", "product": "Sanzo", "vendor": "skygroup", "versions": [{"changes": [{"at": "2.4.3", "status": "unaffected"}], "lessThanOrEqual": "< 2.4.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:24.463Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.<p>This issue affects Sanzo: from n/a through < 2.4.3.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:44.356Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/sanzo/vulnerability/wordpress-sanzo-theme-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25355", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:23:05.700440Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:23:36.012Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25355", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:23:05.700440Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:23:06.761Z"}}], "cna": {"title": "WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "affected": [{"vendor": "skygroup", "product": "Sanzo", "versions": [{"status": "affected", "changes": [{"at": "2.4.3", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "< 2.4.3"}], "packageName": "sanzo", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:24.463Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/sanzo/vulnerability/wordpress-sanzo-theme-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.<p>This issue affects Sanzo: from n/a through < 2.4.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:44.356Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25355", "state": "PUBLISHED", "dateUpdated": "2026-03-25T20:23:36.012Z", "dateReserved": "2026-02-02T12:52:48.540Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:44.356Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3."}], "id": "CVE-2026-25355", "lastModified": "2026-03-25T21:16:35.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:46.463", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/sanzo/vulnerability/wordpress-sanzo-theme-2-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T18:56:55.756312+00:00", "value": {"mitigation_remediation": ["Install a version of the Sanzo theme that is 2.4.3 or newer."], "summary": {"action": "Update Theme", "impact": "Stored cross\u2011site scripting in the Sanzo WordPress theme"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Sanzo theme produced by skygroup for WordPress. All releases from the initial release through any version earlier than 2.4.3 are affected; version 2.4.3 and later are considered safe.", "description_and_impact": "The flaw is an improper neutralisation of user input during web page generation, allowing attackers to inject arbitrary scripts that are stored and later rendered on the site. This stored XSS can execute in the context of any visitor who views the affected page or content, potentially leading to session hijacking, credential theft, or defacement. The weakness corresponds to CWE\u201179.", "risk_and_exploitability": "The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and no EPSS score is publicly available, so the precise exploitation likelihood is unclear. The likely attack vector involves any input field or configuration setting that accepts user\u2011supplied content and renders it without sanitisation. An attacker who can inject content\u2014such as by posting comments, editing custom fields, or modifying theme options\u2014can embed malicious JavaScript that will run in the browsers of all site visitors who load the affected page, enabling data exfiltration or other malicious actions. The risk level is moderate to high, especially for sites with many visitors or where sensitive information is displayed."}}}}, "created": "2026-03-25T21:44:57.835040+00:00", "updated": "2026-03-25T21:44:57.835093+00:00", "vendors": []}