CVE-2025-64194: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability has been identified in ThimPress's Eduma WordPress theme, tracked as CVE-2025-64194. The vulnerability affects versions through 5.7.6 and was disclosed on October 29, 2025. This security issue is related to improper neutralization of input during web page generation (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed, with low impact on confidentiality, integrity, and availability (CISA-ADP).

The vulnerability allows for stored Cross-Site Scripting attacks, which could potentially lead to unauthorized data access, session hijacking, or manipulation of web content. The impact is considered moderate as it requires user interaction and low-level privileges to exploit (Patchstack).

Users of the Eduma WordPress theme should upgrade to a version newer than 5.7.6 when available. Until then, website administrators should implement strong access controls and monitor for suspicious activities (NVD).