Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS. This issue affects DeepDigital: from n/a through <= 1.0.2.
Published: 2026-03-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

Improper neutralization of user‑supplied input during web page generation enables reflected XSS in the DeepDigital WordPress theme. The flaw allows an attacker to inject malicious code that executes in the victim’s browser. The weakness is classified as CWE‑79, improper neutralization of input during web page generation.

Affected Systems

The vulnerability affects the DeepDigital theme from mwtemplates, impacting all installations using version 1.0.2 or earlier. No later versions are listed as vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. EPSS is below 1%, suggesting a low likelihood of exploitation at this time, and the issue is not listed in the CISA KEV catalog. The likely attack vector involves delivering a crafted URL or input that is reflected without proper encoding, so exploitation requires a victim to visit the malicious link or submit the malicious input (UI:R in the CVSS vector). The impact is limited to the victim’s browser.

Generated by OpenCVE AI on April 16, 2026 at 12:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DeepDigital theme to the latest version or a version newer than 1.0.2
  • Implement output escaping or input sanitization for any custom fields where the theme renders user data
  • Deploy a Web Application Firewall rule that blocks or sanitizes potentially malicious script payloads

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}
 | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mwtemplates; Mwtemplates deepdigital; Wordpress; Wordpress wordpress
Vendors & Products | | Mwtemplates; Mwtemplates deepdigital; Wordpress; Wordpress wordpress

Thu, 05 Mar 2026 06:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS. This issue affects DeepDigital: from n/a through <= 1.0.2.
Title | | WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:13:57.656Z

Reserved: 2026-01-07T13:44:06.688Z

Link: CVE-2026-22467

Vulnrichment

Updated: 2026-03-09T15:32:15.392Z

NVD

Status: Awaiting Analysis

Published: 2026-03-05T06:16:20.640

Modified: 2026-03-09T16:16:18.233

Link: CVE-2026-22467

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:00:11Z

Weaknesses