CVE-2026-23973
Published: 25 March 2026
Summary
CVE-2026-23973 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses reflected XSS by requiring filtering of information prior to output to web pages to prevent execution of malicious scripts.
Enforces validation of user inputs to block malicious payloads that could lead to improper neutralization during web page generation.
Requires timely remediation of identified flaws, such as patching the Golo theme to version 1.7.5 or later to fix the XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables delivery of malicious links via phishing (T1566.002) requiring user interaction (T1204.001) to execute scripts that steal session cookies/tokens (T1539).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.
Deeper analysisAI
CVE-2026-23973 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-Site Scripting (XSS) under CWE-79, affecting the Golo WordPress theme developed by uxper. The issue impacts all versions of Golo from n/a through those prior to 1.7.5. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, user interaction requirement, and changed scope with low impacts on confidentiality, integrity, and availability.
Attackers can exploit this vulnerability remotely without authentication by crafting malicious payloads delivered via reflected inputs on Golo-powered WordPress sites. Exploitation requires tricking authenticated users, such as site visitors or administrators, into interacting with a malicious link or input (e.g., via phishing or social engineering), which triggers the XSS payload in the victim's browser context with elevated privileges due to the changed scope. Successful exploitation enables limited theft of sensitive data (e.g., session tokens), minor data manipulation, or denial of service within the site's scope.
The Patchstack advisory for this vulnerability in the Golo WordPress theme recommends updating to version 1.7.5 or later, where the reflected XSS flaw has been addressed. No additional workarounds are specified in the available references.
Details
- CWE(s)