CVE-2025-63066

by Fred · 09/12/2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in p-themes Porto Theme – Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme – Functionality: from n/a through <= 3.6.2. More information : https://vdp.patchstack.com/database/Wordpress/Plugin/porto-functionality/vulnerability/wordpress-porto-theme-functionality-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve