Platform
wordpress
Component
molla
Fixed in
1.5.20
CVE-2026-32529 describes a Reflected Cross-Site Scripting (XSS) vulnerability present in the Molla WordPress theme. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking, data theft, or defacement. The vulnerability affects versions of Molla prior to 1.5.19, and a patch has been released.
The impact of this XSS vulnerability is significant. An attacker could craft a malicious URL containing JavaScript code. When a user clicks on this URL, the script executes in their browser in the context of the site running the Molla theme. This allows the attacker to steal cookies, redirect the user to a phishing site, or modify the content of the page. The blast radius extends to all users who interact with the vulnerable Molla theme, particularly those who click on links from untrusted sources. Successful exploitation could compromise user accounts and sensitive data stored within the WordPress site.
CVE-2026-32529 was publicly disclosed on 2026-03-25. While no active exploitation campaigns have been publicly reported, the ease of exploitation associated with reflected XSS vulnerabilities means it is likely to be targeted. There are no known public proof-of-concept exploits available at this time, but the vulnerability is considered easily exploitable given the lack of input sanitization.
Websites using the Molla WordPress theme, particularly those with user input fields or forms, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromised Molla installation on one site could potentially impact others.
• wordpress / composer / npm:
grep -r '<script>' /var/www/html/wp-content/themes/molla/*
• generic web:
curl -I 'https://example.com/?param=<script>alert(1)</script>'
• wordpress / composer / npm:
wp plugin list --status=inactive | grep molla
Exploit status
EPSS
0.04% (11th percentile)
CVSS vector
The primary mitigation for CVE-2026-32529 is to upgrade the Molla WordPress theme to version 1.5.19 or later. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider implementing input validation and output encoding on user-supplied data within the theme. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of protection. Regularly scan your WordPress installation for vulnerabilities using security plugins.
Update to version 1.5.19 or a newer patched version
CVE-2026-32529 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting Molla WordPress themes before version 1.5.19, allowing attackers to inject malicious scripts.
You are affected if you are using Molla WordPress theme versions prior to 1.5.19. Check your theme version and update immediately if necessary.
Upgrade the Molla WordPress theme to version 1.5.19 or later. Consider input validation and WAF rules as additional protection.
While no active exploitation campaigns have been confirmed, the vulnerability is likely to be targeted due to its ease of exploitation.
Refer to the official Molla theme documentation and WordPress plugin repository for updates and security advisories related to CVE-2026-32529.
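To check an installation against the fixed version named above, the following added example (not code from the Molla project or from this advisory) reads the Version header from the theme's style.css and compares it numerically against the threshold. The function names, the FIXED_VERSION variable and the assumption that the theme declares its version in the standard WordPress style.css header are this example's own.

```shell
#!/bin/sh
# Added example: report whether a Molla theme directory is older than the fix.
# Assumption: the version is declared in the WordPress style.css header.
FIXED_VERSION="${FIXED_VERSION:-1.5.19}"   # threshold from the advisory text

# Print the "Version:" header value from <theme_dir>/style.css (empty if absent).
theme_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*$/\1/p' \
        "$1/style.css" 2>/dev/null | head -n 1
}

# Succeed if dotted version $1 is numerically lower than $2 (1.5.9 < 1.5.19).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Echo "vulnerable <ver>", "patched <ver>" or "unknown" for one theme directory.
check_theme() {
    ver=$(theme_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# Check every theme directory given on the command line.
if [ "$#" -gt 0 ]; then
    for dir in "$@"; do
        printf '%s: %s\n' "$dir" "$(check_theme "$dir")"
    done
fi
```

Pass it the theme path, for example /var/www/html/wp-content/themes/molla; an "unknown" result means no readable Version header was found and the directory needs a manual look.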