CVE Catalog

CVE-2025-69154

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the SpaLab Beauty Salon WordPress Theme version 6.7 and earlier. It allows a remote attacker to inject malicious JavaScript code without authentication.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or exfiltrate sensitive data, compromising the security of website visitors.

Recommendation

Immediately update the Beauty Salon theme to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the theme or deploying a web application firewall (WAF).

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS