CVE Catalog

CVE-2025-69156

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the Kids Zone - Children WordPress theme version 5.4 and earlier. It allows a remote attacker to inject malicious JavaScript code without requiring authentication.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or exfiltrate sensitive data from the WordPress admin panel.

Recommendation

Immediately update the Kids Zone - Children theme to a version newer than 5.4. If no update is available, consider temporarily disabling the theme and replacing it with a secure alternative.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS