Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
Published: 2026-03-19
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting (client‑side execution)
Action: Patch Theme
AI Analysis

Impact

The ArtstudioWorks Brookside theme is vulnerable to an improper neutralization of input during web page generation that results in reflected cross‑site scripting (CWE‑79). When a user supplies crafted data that the theme echoes back without adequate encoding, an attacker can inject arbitrary JavaScript into the victim’s browser. This enables information theft (such as session cookies), phishing, or execution of malicious scripts in the context of the site’s domain. The impact is limited to the web pages rendered by the vulnerable theme and does not grant server‑side access.

Affected Systems

ArtstudioWorks Brookside theme is affected for all released versions from the first available version up through 1.4. No specific patch version is listed; therefore, any deployment of Brookside <= 1.4 is considered vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity level for a reflected XSS vulnerability. Exploitability is likely high because the flaw can be triggered by any user visiting a crafted URL or interacting with a reflected form field. The EPSS score is < 1%, indicating a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers can generally exploit this flaw by simply visiting a malicious URL; no elevated privileges or authentication are required.

Generated by OpenCVE AI on April 28, 2026 at 22:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Brookside theme version that is newer than 1.4 to remove the XSS flaw.
  • Review all theme templates for unsanitized output and apply proper escaping or sanitization to any user‑supplied data.
  • Run an XSS scanning tool such as OWASP ZAP or Burp Suite on the site to verify that no reflected input remains vulnerable and monitor for future regressions.

Generated by OpenCVE AI on April 28, 2026 at 22:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside brookside allows Reflected XSS.This issue affects Brookside: from n/a through <= 1.4. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
References

Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside brookside allows Reflected XSS.This issue affects Brookside: from n/a through <= 1.4.
References

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Artstudioworks
Artstudioworks brookside
Wordpress
Wordpress wordpress
Vendors & Products Artstudioworks
Artstudioworks brookside
Wordpress
Wordpress wordpress

Thu, 19 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.
Title WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Artstudioworks Brookside
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:22.615Z

Reserved: 2025-12-09T16:46:41.863Z

Link: CVE-2025-67618

cve-icon Vulnrichment

Updated: 2026-03-19T14:51:58.831Z

cve-icon NVD

Status : Deferred

Published: 2026-03-19T09:16:16.587

Modified: 2026-04-28T19:35:38.927

Link: CVE-2025-67618

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:30:41Z

Weaknesses