CVE-2025-63037
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS. This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-based XSS in Ronneby Theme Core plugin (≤1.5.68) allows script injection via improper input neutralization.
The Ronneby Theme Core WordPress plugin (ronneby-core) versions up to and including 1.5.68 contain a DOM-based Cross-Site Scripting (XSS) vulnerability. The root cause is improper neutralization of user-supplied input during web page generation, which enables an attacker to inject arbitrary JavaScript into the DOM of a victim's browser [1].
Exploitation requires user interaction, such as clicking a crafted link or visiting a specially prepared page, and a privileged user (e.g., administrator) must perform the action. The attack is initiated by a low-privileged authenticated user or external attacker who tricks a privileged user into triggering the payload [1].
Successful exploitation allows an attacker to inject malicious scripts, such as redirects, advertisements, or other HTML payloads, which execute when visitors access the site. This can lead to defacement, data theft, or further compromise of the WordPress installation [1].
The advisory from Patchstack recommends updating the plugin immediately. If updating is not possible, users should contact their hosting provider or web developer for assistance. The vulnerability is listed as used in mass-exploit campaigns, emphasizing the need for prompt patching [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=1.5.68
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.