Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside brookside allows Reflected XSS.This issue affects Brookside: from n/a through <= 1.4.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting (client‑side execution)
Action: Patch Theme
AI Analysis

Impact

The Brookside theme contains improper neutralization of input during web page generation, resulting in a reflected cross‑site scripting (XSS) vulnerability (CWE‑79). When a user supplies specially crafted data that is echoed back by the theme without proper encoding, an attacker can inject arbitrary JavaScript into the victim’s browser. This can lead to information theft (e.g., session cookies), phishing attacks, or the execution of malicious scripts in the context of the site’s domain. The impact is confined to the web pages rendered by the vulnerable theme and does not provide direct server‑side access.

Affected Systems

ArtstudioWorks Brookside theme is affected for all released versions from the first available version up through 1.4. No specific patch version is listed; therefore, any deployment of Brookside <= 1.4 is considered vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity level for a reflected XSS vulnerability. Exploitability is likely high because the flaw can be triggered by any user visiting a crafted URL or interacting with a reflected form field. The EPSS score is unavailable, and the vulnerability is not reported in the CISA KEV catalog. Attackers can generally exploit this flaw by simply visiting a malicious URL; no elevated privileges or authentication are required.

Generated by OpenCVE AI on March 19, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Brookside theme to a version newer than 1.4

Generated by OpenCVE AI on March 19, 2026 at 09:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside brookside allows Reflected XSS.This issue affects Brookside: from n/a through <= 1.4.
References

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Artstudioworks
Artstudioworks brookside
Wordpress
Wordpress wordpress
Vendors & Products Artstudioworks
Artstudioworks brookside
Wordpress
Wordpress wordpress

Thu, 19 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
Title WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Artstudioworks Brookside
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:13:54.043Z

Reserved: 2025-12-09T16:46:41.863Z

Link: CVE-2025-67618

cve-icon Vulnrichment

Updated: 2026-03-19T14:51:58.831Z

cve-icon NVD

Status : Deferred

Published: 2026-03-19T09:16:16.587

Modified: 2026-04-23T15:35:40.880

Link: CVE-2025-67618

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:15:25Z

Weaknesses