CVE-2026-32529
Published: 25 March 2026
Summary
CVE-2026-32529 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses this CVE by requiring update of the vulnerable Molla WordPress theme to version 1.5.19 or later where the XSS issue is fixed.
Information output filtering neutralizes reflected XSS payloads by encoding user-supplied input before inclusion in dynamically generated web pages of the Molla theme.
Information input validation detects and sanitizes malicious XSS payloads prior to processing, preventing their reflection in the Molla theme's web pages.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in public-facing WordPress theme enables direct exploitation of web apps (T1190) via crafted malicious links delivered by spearphishing (T1566.002) or user execution of malicious links (T1204.001), facilitating web session cookie theft (T1539).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.
Deeper analysisAI
CVE-2026-32529 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-Site Scripting (XSS, CWE-79), in the Molla WordPress theme developed by don-themes. It affects all versions of Molla from n/a through those prior to 1.5.19. The vulnerability was published on 2026-03-25 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, user interaction requirement, and changed scope with low impacts on confidentiality, integrity, and availability.
Attackers can exploit this vulnerability remotely without authentication by crafting malicious payloads that are reflected back in dynamically generated web pages. Exploitation requires tricking a user—such as an authenticated WordPress administrator or editor—into interacting with a malicious link or input (e.g., via phishing or social engineering), which triggers the XSS payload in the victim's browser context. Successful exploitation allows limited theft or manipulation of sensitive data (like session cookies or page content) and minor denial of service, leveraging the changed scope for cross-origin effects.
The Patchstack advisory recommends updating the Molla theme to version 1.5.19 or later, where the vulnerability is fixed, as the issue affects versions below this release. No workarounds are specified in available references.
Details
- CWE(s)