Platform: wordpress
Component: zorka
Fixed in: 1.5.8
CVE-2025-69096 describes a Reflected Cross-Site Scripting (XSS) vulnerability within the Zorka WordPress theme. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking, data theft, or defacement. The vulnerability impacts versions of Zorka from 0.0.0 through 1.5.7, and a patch is expected to be released by the theme developer.
The impact of this Reflected XSS vulnerability is significant. An attacker could craft a malicious URL containing JavaScript code. When a user clicks on this URL, the injected script executes within their browser context, with the same privileges as the user. This could allow an attacker to steal session cookies, redirect users to phishing sites, or even modify the content of the website. The blast radius extends to all users who visit pages affected by the vulnerability, making it a high-priority concern for Zorka theme users. Successful exploitation could lead to complete account compromise and potential data breaches.
CVE-2025-69096 was published on 2026-03-25. As of this date, there are no publicly known Proof-of-Concept (PoC) exploits. The vulnerability is not currently listed on the CISA KEV catalog. The probability of exploitation is considered medium, given the ease of exploiting reflected XSS vulnerabilities once a suitable attack vector is identified.
Websites using the Zorka WordPress theme, particularly those with user input fields or dynamic content generation, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromised Zorka installation on one site could potentially impact others.
• wordpress / composer / npm:
  grep -r "<script" /var/www/html/wp-content/themes/zorka/*
• generic web:
  curl -I "https://example.com/?param=<script>alert(1)</script>"
• wordpress / composer / npm:
  wp theme list | grep zorka
disclosure
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-69096 is to upgrade to a patched version of the Zorka WordPress theme. Until a patch is available, consider implementing temporary workarounds. Input validation and output encoding on user-supplied data within the theme can help prevent XSS attacks. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Monitor web server access logs for suspicious URL patterns containing JavaScript code.
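The two controls the paragraph above recommends, output encoding and access-log monitoring, as an added example that is not part of the advisory or of the Zorka theme's code. It stands in Python so it runs stand-alone: html.escape plays the role WordPress's esc_html()/esc_attr() would play inside a theme, the log lines are constructed, and the query parameter name "q" is an assumption, since the advisory does not name the vulnerable parameter.

```python
"""Added example (not from the advisory): defender-side checks for a
reflected-XSS issue of the kind CVE-2025-69096 describes.

1. Output encoding: a reflected parameter is encoded with html.escape before it
   reaches the page, so a script payload renders as text instead of executing.
   (A WordPress theme would use esc_html()/esc_attr(); html.escape stands in.)
2. Log monitoring: combined-format access-log lines are URL-decoded and matched
   against common XSS markers, as the mitigation text recommends.

The log lines below and the parameter name "q" are constructed for this example.
"""
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Markers that rarely appear in legitimate query strings. Values are decoded
# before matching so percent-encoded payloads are caught as well.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|on\w+\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)


def render_search_unsafe(term: str) -> str:
    """'Before' pattern: the parameter is echoed into HTML verbatim (vulnerable)."""
    return f"<h2>Results for: {term}</h2>"


def render_search_safe(term: str) -> str:
    """'After' pattern: encode on output so angle brackets and quotes are inert."""
    return f"<h2>Results for: {html.escape(term, quote=True)}</h2>"


# Combined log format: ip - - [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(target: str) -> list[str]:
    """Return the query parameter names whose decoded value carries an XSS marker."""
    hits = []
    query = urlsplit(target).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            # parse_qs decodes once; decoding again also catches double-encoded input
            if XSS_MARKERS.search(unquote_plus(value)):
                hits.append(name)
                break
    return hits


def scan_access_log(lines):
    """Return (ip, target, [params]) for requests whose query looks like an XSS probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        params = suspicious_params(m["target"])
        if params:
            findings.append((m["ip"], m["target"], params))
    return findings


# Constructed sample: one benign search, one script-tag probe, one attribute-breakout probe.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2026:10:01:02 +0000] "GET /?s=wordpress+themes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2026:10:01:07 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4870',
    '198.51.100.2 - - [25/Mar/2026:10:01:09 +0000] "GET /?q=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 4870',
]

if __name__ == "__main__":
    print(render_search_unsafe("<script>alert(1)</script>"))  # payload survives
    print(render_search_safe("<script>alert(1)</script>"))    # payload is inert text
    for ip, target, params in scan_access_log(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {target} (params: {', '.join(params)})")
```

The marker list is deliberately short and will miss obfuscated payloads; it is a triage filter to feed a WAF rule or alert, not a substitute for encoding every reflected value at output time.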
No known fix is available. Please review the vulnerability details in depth and apply mitigations based on your organization's risk tolerance. It may be preferable to uninstall the affected software and look for a replacement.
CVE-2025-69096 is a Reflected XSS vulnerability in the Zorka WordPress theme, allowing attackers to inject malicious scripts. It affects versions 0.0.0–1.5.7 and poses a significant security risk.
If you are using the Zorka WordPress theme and your version is between 0.0.0 and 1.5.7 (inclusive), you are potentially affected by this vulnerability. Check your theme version immediately.
The recommended fix is to upgrade to a patched version of the Zorka WordPress theme. Monitor the theme developer's website for updates and apply them as soon as they become available.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-69096. However, the vulnerability is publicly known, and exploitation is possible.
Refer to the Zorka theme developer's website or WordPress plugin repository for the official advisory and patch information regarding CVE-2025-69096.