Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.
Published: 2025-03-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Whitish Lite theme contains a stored cross‑site scripting flaw that allows attackers to inject malicious JavaScript into the site’s output. An attacker who can create or modify content can embed code that will be served to every visitor, enabling session hijacking, cookie theft, or phishing attacks. The flaw maps to CWE‑79.

Affected Systems

The vulnerability affects yudleethemes Whitish Lite in all versions through 2.1.13, including all earlier releases. Every installation that uses this theme is affected and remains so until a newer release containing a fix is available.

Risk and Exploitability

The CVSS base score of 6.5 categorizes the issue as medium severity. The EPSS value of less than 1 % suggests that exploitation attempts are currently rare, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack path requires a user with content‑creation privileges or administrative access to the theme; an attacker could submit malicious payloads that are then stored and later served to visitors.

Generated by OpenCVE AI on May 2, 2026 at 03:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available updates for the Whitish Lite theme released by yudleethemes to fix the stored XSS vulnerability.
  • If no update exists, disable or delete the Whitish Lite theme to eliminate the stored XSS vector.
  • Implement a Content Security Policy or sanitize stored content to block script tags until the theme is updated.

Advisories
Source: EUVD
ID: EUVD-2025-14972
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.

History

Tue, 28 Apr 2026 19:30:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite whitish-lite allows Stored XSS. This issue affects Whitish Lite: from n/a through <= 2.1.13.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.

Type: References

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite whitish-lite allows Stored XSS. This issue affects Whitish Lite: from n/a through <= 2.1.13.

Type: References

Thu, 27 Mar 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 27 Mar 2025 15:45:00 +0000

Type: Description
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS. This issue affects Whitish Lite: from n/a through 2.1.13.

Type: Title
Values Added: WordPress Whitish Lite theme <= 2.1.13 - Stored Cross Site Scripting (XSS) vulnerability

Type: Weaknesses
Values Added: CWE-79

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:10:58.920Z

Reserved: 2025-01-03T13:15:43.299Z

Link: CVE-2025-22278

Vulnrichment

Updated: 2025-03-27T15:59:54.609Z

NVD

Status: Deferred

Published: 2025-03-27T16:15:27.640

Modified: 2026-04-28T19:28:11.510

Link: CVE-2025-22278

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T03:15:06Z

Weaknesses