CVE-2025-53585

Vulnerability

Overview The WeMusic WordPress theme by NooTheme, versions up to and including 1.9.1, contains a reflected cross-site scripting (XSS) vulnerability. The issue stems from improper neutralization of user-supplied input during web page generation, allowing unvalidated data to be reflected back to the user [1].

Exploitation

Prerequisites Exploitation requires user interaction, such as clicking a crafted link or visiting a maliciously prepared page. The attacker does not need authenticated access to the site, but the victim must be a privileged user (e.g., administrator) for the script to execute in that session [1]. This type of vulnerability is often used in mass-exploit campaigns targeting thousands of WordPress sites regardless of size or popularity [1].

Impact

Successful exploitation enables an attacker to inject arbitrary HTML and JavaScript into the victim's browser. This could be used to perform redirects, display advertisements, steal session tokens, or execute other malicious actions within the context of the affected site [1].

Mitigation

The vulnerability has been patched in version 1.9.2 of the theme. Users are strongly advised to update immediately. Patchstack also provides a virtual mitigation rule to block exploitation attempts until the update is applied [1].