Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS. This issue affects Molla: from n/a through < 1.5.19.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting (XSS)
Action: Patch
AI Analysis

Impact

The Molla theme fails to neutralize user input when generating web pages, resulting in a reflected cross‑site scripting flaw. An attacker can embed malicious JavaScript that is returned intact to a victim’s browser during a request. Executed in the victim’s context, the code can harvest cookies, manipulate the page, or redirect the user to malicious sites. This weakness is classified as CWE-79.

Affected Systems

WordPress installations that employ the don‑themes Molla theme with a version older than 1.5.19 are impacted. Any site using the theme from its earliest releases up through 1.5.18 contains the unsanitized input logic that enables reflected XSS on pages where the theme reflects request data.

Risk and Exploitability

The CVSS score of 7.1 is rated High. Exploitation requires only a crafted URL or form payload sent through standard web traffic and does not need privileged access. No EPSS score is listed, and the vulnerability is not catalogued by CISA KEV. Because the attack path is straightforward, sites exposed to malicious links or inputs face a significant risk of client‑side compromise.

Generated by OpenCVE AI on March 25, 2026 at 23:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade don‑themes Molla theme to version 1.5.19 or later

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Don-themes; Don-themes molla; Wordpress; Wordpress wordpress |
| Vendors & Products | | Don-themes; Don-themes molla; Wordpress; Wordpress wordpress |

Wed, 25 Mar 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 25 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS. This issue affects Molla: from n/a through < 1.5.19. |
| Title | | WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability |
| Weaknesses | | CWE-79 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:13:17.787Z

Reserved: 2026-03-12T11:12:24.776Z

Link: CVE-2026-32529

Vulnrichment

Updated: 2026-03-25T20:02:55.614Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:17:06.223

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32529

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:12:21Z

Weaknesses