CVE-2020-37235
WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
| CVSS Score | 6.4 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page.
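A defensive sketch for the Logo URL field described above, as an added example that is not code from the Wibar theme or from the advisory. The function names are hypothetical, and it assumes the field is only ever meant to hold an absolute http/https image URL.

```php
<?php
// Added example: hypothetical helper names, not code from the Wibar theme.

/**
 * Accept only absolute http/https URLs for the brand logo field.
 * Returns the URL unchanged, or '' when the value must be rejected.
 */
function example_sanitize_brand_url(string $raw): string
{
    $url = trim($raw);

    // Reject control characters, inner whitespace and characters that
    // could close an HTML attribute or open a tag.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return '';
    }

    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }

    // Scheme allowlist: anything that is not http or https fails here,
    // including inline-content schemes such as data:.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $url;
}

/** Validate again at render time and escape for an HTML attribute. */
function example_render_brand_logo(string $stored): string
{
    $url = example_sanitize_brand_url($stored);
    if ($url === '') {
        return ''; // render nothing instead of an untrusted value
    }
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

// Constructed sample inputs (PLACEHOLDER stands in for any encoded body).
$samples = [
    'https://example.com/logo.png',
    'data:text/html;base64,PLACEHOLDER',
    'https://example.com/logo.png" title="x',
];
foreach ($samples as $s) {
    $ok = example_sanitize_brand_url($s) !== '';
    printf("%-45s => %s\n", json_encode($s), $ok ? 'accepted' : 'rejected');
}
```

Inside WordPress, the built-in `esc_url_raw()` when saving and `esc_url()` when printing fill the same two roles.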
| CWE | CWE-79 |
| Vendor | themeftc |
| Product | theme wibar |
| Published | May 16, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity | None |
| Availability | None |
Affected Versions
themeftc / Theme Wibar
1.1.8
References
exploit-db.com: https://www.exploit-db.com/exploits/49107
demo.themeftc.com: http://demo.themeftc.com/wibar
themeforest.net: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798
vulncheck.com: https://www.vulncheck.com/advisories/wordpress-theme-wibar-stored-cross-site-scripting-via-brand-component
Credits
Ilca Lucian Florin