ByteOS Network

Craft

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-68538

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 10.43%

7 Day CHG~0.00%

Published-22 Jan, 2026 | 16:52

Updated-29 Jan, 2026 | 01:16

WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.

Vendor-ThemeGoods

Product-Craft

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')