Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0.
Published: 2025-05-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Tiger theme for WordPress contains an improper neutralization of user input during page rendering, leading to a reflected XSS vulnerability. When a malicious payload is included in a request, it is reflected back into the response without proper escaping, allowing an attacker to execute arbitrary JavaScript in the victim’s browser. This flaw directly compromises the integrity of the site for visitors.

Affected Systems

The WordPress Tiger theme, versions up to and including 2.0, is vulnerable.

Risk and Exploitability

The CVSS score of 7.1 marks this flaw as high severity. The very low EPSS (< 1%) indicates that exploit attempts are currently rare, but the condition for exploitation is simple: an attacker only needs to craft a URL or input that is reflected. The vulnerability is not listed in the CISA KEV catalog, so there is no known active exploitation campaign, but an attacker can still execute malicious script if a user visits a malicious link or submits crafted data.

Generated by OpenCVE AI on May 1, 2026 at 08:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Tiger theme to a version newer than 2.0 to replace the vulnerable code.
  • If an upgrade is not immediately possible, disable or remove the Tiger theme from active deployment to eliminate the attack surface.
  • Implement a strict Content Security Policy that blocks inline scripts and restricts script execution to trusted sources.
  • Verify that the theme’s input fields now properly escape or sanitize all user-specified data to prevent future XSS opportunities.

Advisories

| Source | ID | Title |
| --- | --- | --- |
| EUVD | EUVD-2025-15791 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0. |

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through <= 2.0. | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0. |
| References | | |

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0. | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through <= 2.0. |
| References | | |

Fri, 06 Jun 2025 22:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Jocoxdesign; Jocoxdesign tiger |
| CPEs | | cpe:2.3:a:jocoxdesign:tiger:*:*:*:*:*:wordpress:*:* |
| Vendors & Products | | Jocoxdesign; Jocoxdesign tiger |

Mon, 19 May 2025 22:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 19 May 2025 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0. |
| Title | | WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:03.912Z

Reserved: 2025-03-26T09:23:14.825Z

Link: CVE-2025-31027

Vulnrichment

Updated: 2025-05-19T21:10:26.043Z

NVD

Status: Modified

Published: 2025-05-19T20:15:21.747

Modified: 2026-06-17T09:09:44.983

Link: CVE-2025-31027

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')