Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS. This issue affects Golo: from n/a through < 1.7.5.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross-site Scripting enabling execution of arbitrary client-side code
Action: Patch
AI Analysis

Impact

Improper neutralization of input during web page generation in the Golo theme allows reflected Cross-site Scripting (XSS). A malicious actor can send crafted input that is echoed back to the victim's browser, enabling execution of arbitrary JavaScript.

Affected Systems

WordPress sites that use the Golo theme prior to version 1.7.5 are affected; no earliest affected version is given (n/a), so the vulnerability applies to every release below 1.7.5.

Risk and Exploitability

The CVSS base score of 7.1 indicates high severity. No EPSS score is reported and the issue is not listed in CISA’s KEV catalog. The likely attack vector is a public web request that includes malicious query parameters or form data processed by the theme without adequate sanitization, requiring the victim to visit a crafted URL.

Generated by OpenCVE AI on March 25, 2026 at 23:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Golo theme to version 1.7.5 or newer.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Uxper; Uxper golo; Wordpress; Wordpress wordpress
Vendors & Products | | Uxper; Uxper golo; Wordpress; Wordpress wordpress

Wed, 25 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS. This issue affects Golo: from n/a through < 1.7.5.
Title | | WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:03.975Z

Reserved: 2026-01-19T16:14:52.937Z

Link: CVE-2026-23973

Vulnrichment

Updated: 2026-03-25T20:18:03.308Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:16:36.420

Modified: 2026-03-30T13:27:35.820

Link: CVE-2026-23973

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:13:12Z

Weaknesses