Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tijaji Tijaji tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through <= 1.43.
Published: 2025-05-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of user input that allows reflected XSS in the WordPress Tijaji theme. An attacker can embed malicious script code in a request, and the theme reflects it back in the page without proper escaping, potentially leading to defacement, credential theft, or session hijacking. The weakness is a failure to neutralize input before it is written into the page, classified as CWE-79.

Affected Systems

WordPress sites using the Tijaji theme version 1.43 or earlier are impacted. The vulnerability exists from the earliest available version (“n/a”) up to and including 1.43. Any site that has installed this theme version should be considered affected.

Risk and Exploitability

The CVSS score of 7.1 reflects a high-severity risk. The EPSS score of less than 1% indicates that, at the time of this assessment, exploitation probability is very low, and the vulnerability is not listed in the CISA KEV catalog. The flaw is exploitable via reflected requests: an attacker must craft a URL or form that passes malicious data to a vulnerable endpoint. From the data provided, the attack vector is inferred to be the web browser, through the theme's output rendering process.

Generated by OpenCVE AI on May 1, 2026 at 08:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WordPress Tijaji theme to a version newer than 1.43 (or apply the vendor patch provided by the theme developer).
  • If an upgrade cannot be performed immediately, sanitize or escape any user-supplied data that the theme outputs, or enforce a Content Security Policy to mitigate script execution.
  • Consider blocking or filtering the vulnerable query parameters at the web application firewall level to prevent reflected input from reaching the theme code.

Advisories
Source: EUVD
ID: EUVD-2025-15724
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through 1.43.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through 1.43.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tijaji Tijaji tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through <= 1.43.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 May 2025 16:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through 1.43.
Title WordPress Tijaji theme <= 1.43 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T23:59:51.004Z

Reserved: 2025-01-16T11:33:22.827Z

Link: CVE-2025-23983

Vulnrichment

Updated: 2025-05-19T17:49:10.797Z

NVD

Status: Deferred

Published: 2025-05-19T16:15:27.697

Modified: 2026-06-17T08:57:50.220

Link: CVE-2025-23983

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:30:12Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')