CVE-2026-25354
Published: 25 March 2026
Summary
CVE-2026-25354 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): Filters information outputs to neutralize malicious scripts reflected during web page generation, directly preventing reflected XSS exploitation.
- SI-10 (Information Input Validation): Validates user inputs to block malicious payloads from being improperly neutralized and reflected in web pages.
- Flaw remediation: Ensures timely remediation of the specific XSS flaw by updating the vulnerable Reebox theme to version 1.4.8 or later.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Reflected XSS in a public-facing WordPress theme directly enables injection and execution of JavaScript payloads via crafted links (T1189 Drive-by Compromise, T1566.002 Spearphishing Link, T1190 Exploit Public-Facing Application, T1059.007 JavaScript); the documented impact includes stealing session cookies (T1539 Steal Web Session Cookie).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS. This issue affects Reebox: from n/a through < 1.4.8.
Deeper analysis
CVE-2026-25354 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as CWE-79, enabling Reflected Cross-site Scripting (XSS) in the skygroup Reebox WordPress theme. Published on 2026-03-25, it affects all versions of Reebox from its initial release through those prior to 1.4.8. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.
Attackers can exploit this vulnerability remotely without authentication by crafting malicious links or inputs that reflect executable scripts back to users. Exploitation requires user interaction, such as clicking a phishing link or visiting a manipulated page on an affected site. Successful attacks allow limited impacts: low confidentiality (e.g., stealing session cookies), low integrity (e.g., modifying page content), and low availability disruptions, but with changed scope to affect the victim's browser context and potentially other users or resources.
Patchstack advisories recommend updating the Reebox theme to version 1.4.8 or later, where the vulnerability is addressed. No workarounds are specified in available references.
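To make the SI-10 / SI-15 controls above concrete, the following PHP is an added example and is not code from the Reebox theme or from Patchstack: it shows the generic reflected-XSS pattern in a WordPress theme template (a request parameter written straight into the page) next to the escaped form. The template, the function names and the `q` parameter are hypothetical; `esc_html`, `esc_attr`, `esc_url`, `sanitize_text_field`, `wp_unslash`, `add_query_arg` and `home_url` are WordPress core functions, so the snippet assumes it runs inside a loaded WordPress.

```php
<?php
/**
 * Added example (not Reebox code): the reflected-XSS pattern in a
 * WordPress theme template and its escaped counterpart. Assumes the
 * template runs inside WordPress. Function names and the "q" parameter
 * are hypothetical.
 */

// VULNERABLE (illustrative only): the request parameter is written into
// the page unchanged, so any markup it carries becomes part of the
// rendered HTML. This is the CWE-79 pattern the advisory describes.
function example_vulnerable_heading() {
    $term = isset( $_GET['q'] ) ? $_GET['q'] : '';
    echo '<h2>Search results for: ' . $term . '</h2>';
}

// HARDENED: read the value once, normalise it on the way in (SI-10),
// then escape for the exact output context at the point of rendering
// (SI-15). sanitize_text_field() strips tags, control characters and
// surrounding whitespace; wp_unslash() undoes WordPress's added slashes.
function example_search_term() {
    if ( ! isset( $_GET['q'] ) ) {
        return '';
    }
    return sanitize_text_field( wp_unslash( $_GET['q'] ) );
}

function example_hardened_heading() {
    $term = example_search_term();

    // HTML text node: esc_html() encodes < > & " ' so the value can only
    // ever be displayed, never parsed as markup.
    echo '<h2>Search results for: ' . esc_html( $term ) . '</h2>';

    // HTML attribute value: esc_attr() additionally protects the quote
    // characters that would otherwise close the attribute.
    echo '<input type="search" name="q" value="' . esc_attr( $term ) . '">';

    // URL context: add_query_arg() URL-encodes the value when building the
    // query string, and esc_url() rejects unsafe schemes such as javascript:
    // and encodes the remainder before it is placed in href.
    $again = add_query_arg( 'q', $term, home_url( '/' ) );
    echo '<a href="' . esc_url( $again ) . '">Search again</a>';
}
```

The point of the three separate escapers is that a single input filter is not enough: the same string needs different encoding depending on whether it lands in a text node, an attribute or a URL, so the theme should escape at every echo rather than rely on validation alone. Reviewing a theme for unescaped `echo $_GET[...]` / `$_REQUEST[...]` / `$_SERVER['REQUEST_URI']` output is the quickest way to confirm whether a template is exposed to this class of flaw.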
Details
- CWE(s)