CVE-2026-25342

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.

References

• https://patchstack.com/database/Wordpress/Theme/kute-boutique/vulnerability/wordpress-boutique-theme-2-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve