Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Apr 28, 2026
WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-64224
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.
Affected products
2< 2.6.4+ 1 more
- (no CPE)range: < 2.6.4
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.