Platform
wordpress
Component
zorka
Fixed in
1.5.8
CVE-2025-69096 describes a Reflected Cross-Site Scripting (XSS) vulnerability within the Zorka WordPress theme. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking, data theft, or defacement. The vulnerability impacts versions of Zorka from 0.0.0 through 1.5.7, and a patch is expected to be released by the theme developer.
The impact of this Reflected XSS vulnerability is significant. An attacker could craft a malicious URL containing JavaScript code. When a user clicks on this URL, the injected script executes within their browser context, with the same privileges as the user. This could allow an attacker to steal session cookies, redirect users to phishing sites, or even modify the content of the website. The blast radius extends to all users who visit pages affected by the vulnerability, making it a high-priority concern for Zorka theme users. Successful exploitation could lead to complete account compromise and potential data breaches.
CVE-2025-69096 was published on 2026-03-25. As of this date, there are no publicly known Proof-of-Concept (PoC) exploits. The vulnerability is not currently listed on the CISA KEV catalog. The probability of exploitation is considered medium, given the ease of exploiting reflected XSS vulnerabilities once a suitable attack vector is identified.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-69096 is to upgrade to a patched version of the Zorka WordPress theme. Until a patch is available, consider implementing temporary workarounds. Input validation and output encoding on user-supplied data within the theme can help prevent XSS attacks. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Monitor web server access logs for suspicious URL patterns containing JavaScript code.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-69096 is a Reflected XSS vulnerability in the Zorka WordPress theme, allowing attackers to inject malicious scripts. It affects versions 0.0.0–1.5.7 and poses a significant security risk.
If you are using the Zorka WordPress theme and your version is between 0.0.0 and 1.5.7 (inclusive), you are potentially affected by this vulnerability. Check your theme version immediately.
The recommended fix is to upgrade to a patched version of the Zorka WordPress theme. Monitor the theme developer's website for updates and apply them as soon as they become available.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-69096. However, the vulnerability is publicly known, and exploitation is possible.
Refer to the Zorka theme developer's website or WordPress plugin repository for the official advisory and patch information regarding CVE-2025-69096.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.