Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting
Action: Patch Now
AI Analysis

Impact

Improper neutralization of input during web page generation in the don‑themes Riode theme allows reflected cross‑site scripting. The flaw can cause malicious scripts to be injected and executed when a user visits a crafted URL.

Affected Systems

The vulnerability affects all releases of the don‑themes Riode theme older than version 1.6.29. Any WordPress site using a pre‑1.6.29 build of the theme is susceptible.

Risk and Exploitability

The CVSS score of 7.1 denotes high severity. No EPSS score is available, so exploitation likelihood cannot be quantified. The flaw is not listed in CISA’s KEV catalog. Attacks would require a user to visit a crafted link that triggers the reflected payload.

Generated by OpenCVE AI on March 26, 2026 at 00:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Riode theme to version 1.6.29 or later
  • Confirm that the upgrade has been applied
  • If an update cannot be applied immediately, restrict the theme’s exposure and monitor site traffic for suspicious activity

Generated by OpenCVE AI on March 26, 2026 at 00:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Don-themes
Don-themes riode
Wordpress
Wordpress wordpress
Vendors & Products Don-themes
Don-themes riode
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
Title WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Don-themes Riode
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:13:17.937Z

Reserved: 2026-03-12T11:12:24.776Z

Link: CVE-2026-32528

cve-icon Vulnrichment

Updated: 2026-03-25T20:03:07.828Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:17:06.060

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-32528

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:22Z

Weaknesses