CVE-2025-10295
📋 TL;DR
This stored XSS vulnerability in the Angel WordPress theme allows authenticated attackers with subscriber-level access or higher to inject malicious scripts into profile pages. The scripts execute whenever users view the compromised pages, potentially compromising their sessions or browsers. All WordPress sites using this theme up to version 3.2.3 are affected.
💻 Affected Systems
- Angel – Fashion Model Agency WordPress CMS Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, install backdoors, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Attackers with subscriber accounts inject malicious scripts to steal session cookies, redirect users to phishing pages, or deface profile pages.
If Mitigated
With proper input validation and output escaping, the vulnerability is prevented, and only legitimate profile content is displayed.
🎯 Exploit Status
Exploitation requires authenticated access (subscriber or higher) and knowledge of the vulnerable media uploader field.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.4 or later
Vendor Advisory: https://themeforest.net/item/angel-fashion-model-agency-wordpress-cms-theme/4251413
Restart Required: No
Instructions:
1. Log in to the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for Angel theme updates.
4. Update to version 3.2.4 or later.
5. Clear any caching plugins/CDN caches.
🔧 Temporary Workarounds
Disable theme temporarily
Switch to a default WordPress theme until the patch is applied
wp theme activate twentytwentyfour
Restrict user profile editing
Use WordPress roles/capabilities to limit who can edit profiles
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with XSS protection rules
- Disable the media uploader in profile forms via theme customization or plugin
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Appearance > Themes for Angel theme version. If version is 3.2.3 or lower, you are vulnerable.
Check Version:
wp theme list --name=angel --field=version
Verify Fix Applied:
After updating, verify theme version shows 3.2.4 or higher in WordPress admin.
📡 Detection & Monitoring
Log Indicators:
- Unusual profile updates with script tags in media uploader fields
- Multiple failed login attempts followed by profile edits
Network Indicators:
- Outbound connections to suspicious domains after profile page views
- Unexpected script loads from profile pages
SIEM Query:
source="wordpress.log" AND ("profile_update" OR "edit_user") AND ("script" OR "javascript:" OR "onerror=")
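The query's boolean logic applied to raw log lines, as an added Python example (not from this advisory or the theme vendor). The key=value log layout, field names and sample lines are constructed assumptions. It goes one step beyond the query by decoding percent- and HTML-entity-encoded values first, since a literal match on "onerror=" misses "onerror%3D".

```python
import html
import re
from urllib.parse import unquote_plus

# Event terms copied from the SIEM query on this page.
EVENT_TERMS = ("profile_update", "edit_user")
# Payload terms from the same query. "script" is matched as a whole token
# (assumption of this example) so a field named "description" is not a hit.
PAYLOAD_RE = re.compile(r"\bscript\b|javascript:|onerror=")

def normalize(line, decode=True):
    """Lower-case the line and, if asked, undo percent/HTML-entity encoding."""
    text = line
    for _ in range(3 if decode else 0):  # bounded loop, also catches double encoding
        decoded = html.unescape(unquote_plus(text))
        if decoded == text:
            break
        text = decoded
    return text.lower()

def matches(line, decode=True):
    """True when the line has a profile-edit event AND a payload term."""
    text = normalize(line, decode)
    return any(t in text for t in EVENT_TERMS) and bool(PAYLOAD_RE.search(text))

def scan(lines, decode=True):
    """Return the 1-based numbers of the lines that satisfy the query."""
    return [n for n, line in enumerate(lines, 1) if matches(line, decode)]

# Constructed sample lines; layout and field names are assumptions.
SAMPLE = [
    'ts=2025-01-10T09:12:01Z action=profile_update user=alice '
    'field=description value="New headshots"',
    'ts=2025-01-10T09:15:44Z action=profile_update user=sub42 '
    'field=media_url value="<script src=//example.invalid/a.js></script>"',
    'ts=2025-01-10T09:17:02Z action=edit_user user=sub43 '
    'field=media_url value=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E',
    'ts=2025-01-10T09:20:30Z action=page_view url=/profile/sub42 '
    'referrer=javascript:void(0)',
]

if __name__ == "__main__":
    print("match after decoding:", scan(SAMPLE))
    print("literal match only:  ", scan(SAMPLE, decode=False))
```

Line 3 is flagged only when decoding is enabled, and line 4 is not flagged because it carries a payload term without a profile-edit event.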