216.73.217.17

CVE-2020-37235

· Published 16/05/2026 16:16 · Modified 16/05/2026 16:16

Labels: CVE-2020-37235 2026-05-16CVE-2020-37235CWE-79[email protected]

Essential information

Published
16/05/2026 16:16
Modified
16/05/2026 16:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpresstheme / wibar cpe:2.3:a:wordpresstheme:wibar:1.1.8:*:*:*:*:*:*:*

References