Educenter

Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

July 26, 2025 invoker category_cve

CVE Details

Basic Information

Title	Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Type	cve
Published	2025-07-26T07:23:51.169Z
Modified	2025-07-26T07:23:51.169Z

Product Information

Vendor	sparklewpthemes
Product	Educenter
Version	*

CVSS Information

Base Score	6.4 (MEDIUM)
Attack Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected Products

sparklewpthemes Educenter *

Additional Information

CWE List	CWE-79
Source	Wordfence

Description

The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/6f524163-4d4c-40fc-b58a-311f1f6cac15?source=cve
https://themes.trac.wordpress.org/browser/educenter/1.6.2/blocks-extends/blocks/circle-counter.php#L46

View Full CVE Details