Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2.
References
Configurations
History
22 Jan 2026, 22:02
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Themegoods photography
Themegoods |
|
| CPE | cpe:2.3:a:themegoods:photography:*:*:*:*:*:wordpress:*:* | |
| References | () https://patchstack.com/database/Wordpress/Theme/photography/vulnerability/wordpress-photography-theme-7-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve - Third Party Advisory |
20 Jan 2026, 15:18
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
18 Dec 2025, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
18 Dec 2025, 08:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-18 08:16
Updated : 2026-01-22 22:02
NVD link : CVE-2025-64217
Mitre link : CVE-2025-64217
CVE.ORG link : CVE-2025-64217
JSON object : View
Products Affected
themegoods
- photography
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')