Unrated severityNVD Advisory· Published Dec 18, 2025· Updated Apr 28, 2026
WordPress Photography theme <= 7.7.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-64217
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2.
Affected products
2<=7.7.2+ 1 more
- (no CPE)range: <=7.7.2
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.