CVE-2020-37235 MEDIUM

CVE-2020-37235: WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

Vendor Themeftc

Product Theme Wibar

Weakness CWE-79 · XSS

Published May 16, 2026

Last update May 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

Description

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page.

Key dates

Disclosure timeline

May 16, 2026 CVE published

May 24, 2026 Record updated