CVE-2025-64197: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Rehub WordPress theme (CVE-2025-64197), affecting versions prior to 19.9.9.1. The vulnerability was discovered and disclosed on October 29, 2025, and requires user authentication with Contributor or higher privileges to exploit (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue. It has received a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with changed scope and low impact on confidentiality, integrity, and availability (CISA-ADP).

The vulnerability allows authenticated users with Contributor or higher privileges to perform Stored Cross-Site Scripting attacks. This could potentially lead to unauthorized access to sensitive information, manipulation of web content, and compromise of user sessions (NVD).

Users are advised to update their Rehub theme to version 19.9.9.1 or later to address this vulnerability (Patchstack).