Platform: wordpress
Component: molla
Fixed in: 1.5.20
CVE-2026-32529 describes a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Molla WordPress theme. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to account takeover or data theft. The vulnerability impacts versions of Molla prior to 1.5.19, and a patch has been released to address the issue.
An attacker exploiting this XSS vulnerability can inject arbitrary JavaScript code into a user's browser when they visit a crafted URL. This malicious script can then steal session cookies, redirect users to phishing sites, or deface the website. The impact is particularly severe because WordPress sites often handle sensitive user data, such as login credentials and personal information. Successful exploitation could lead to widespread compromise of user accounts and data breaches, especially if the theme is widely deployed.
CVE-2026-32529 was publicly disclosed on 2026-03-25. While no active exploitation campaigns have been confirmed at the time of writing, the ease of exploiting reflected XSS vulnerabilities means it is likely to be targeted. No KEV listing exists as of this date. Public proof-of-concept code is likely to emerge given the vulnerability's nature.
Exploit Status
EPSS: 0.04% (11% percentile)
CVSS Vector
The primary mitigation for CVE-2026-32529 is to immediately update the Molla WordPress theme to version 1.5.19 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on user-supplied data within the theme to reduce the attack surface. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of protection. After upgrading, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) through a vulnerable parameter and confirming that it is properly sanitized.
Update to version 1.5.19, or a newer patched version
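To find out whether a site needs the update, the installed theme version can be read from the header comment of the theme's style.css. The following is an added example, not code from the advisory or the theme vendor. It assumes the theme lives in a directory named molla under wp-content/themes, and it also flags child themes whose Template header points at molla; the function names and the sample header are hypothetical.

```python
import re
from pathlib import Path

# Threshold from the advisory text; the page's "Fixed in" field lists 1.5.20,
# so pass fixed="1.5.20" for the more conservative check.
FIXED = "1.5.19"
SLUG = "molla"  # assumption: theme directory name matches the component name

def header_fields(css_text):
    """Parse 'Key: value' pairs from the first /* ... */ comment of style.css."""
    block = re.search(r"/\*(.*?)\*/", css_text, re.S)
    fields = {}
    for line in (block.group(1).splitlines() if block else []):
        m = re.match(r"[\s*]*([A-Za-z ]+?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def as_tuple(version, width=4):
    """'1.5.18' -> (1, 5, 18, 0); non-numeric suffixes are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(nums + [0] * (width - len(nums)))

def assess(css_text, fixed=FIXED):
    """Return 'vulnerable', 'patched' or 'unknown' for one style.css."""
    version = header_fields(css_text).get("version")
    if not version or not re.search(r"\d", version):
        return "unknown"  # no usable Version header: review by hand
    return "vulnerable" if as_tuple(version) < as_tuple(fixed) else "patched"

def scan(themes_dir, fixed=FIXED):
    """Check wp-content/themes for Molla and for child themes built on it."""
    results = {}
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        text = css.read_text(encoding="utf-8", errors="replace")
        name = css.parent.name
        if name == SLUG:
            results[name] = assess(text, fixed)
        elif header_fields(text).get("template") == SLUG:
            # Child theme: its own Version is irrelevant, the parent decides.
            results[name] = "child-of-molla"
    return results

# Constructed sample header, not taken from the real theme.
SAMPLE = "/*\nTheme Name: Molla\nVersion: 1.5.18\nText Domain: molla\n*/\nbody{}"

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Versions are compared numerically per component, so 1.5.9 is correctly treated as older than 1.5.19.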
CVE-2026-32529 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting Molla WordPress themes before version 1.5.19, allowing attackers to inject malicious scripts.
You are affected if you are using Molla WordPress theme versions prior to 1.5.19. Check your theme version and update immediately if necessary.
Upgrade the Molla WordPress theme to version 1.5.19 or later. Consider input validation and WAF rules as additional protection.
While no active exploitation campaigns have been confirmed, the vulnerability is likely to be targeted due to its ease of exploitation.
Refer to the official Molla theme documentation and WordPress plugin repository for updates and security advisories related to CVE-2026-32529.