Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: agneyastra

Found 1 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-3534
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 3 days ago
Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escaping in the `astra_get_responsive_background_obj()` function for four CSS-context sub-properties (`background-color`, `background-image`, `overlay-color`, `overlay-gradient`). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

Affected products

Astra
  • =<4.12.3

Matching in nixpkgs

pkgs.varunastra

Tool to enhance the security of Docker environments

pkgs.gnomeExtensions.astra-monitor

Astra Monitor is a cutting-edge, fully customizable, and performance-focused system monitoring extension for GNOME's top bar. It's an all-in-one solution for those seeking to keep a close eye on their system's performance metrics like CPU, GPU, RAM, disk usage, network statistics, and sensor readings.

  • nixos-unstable 55
    • nixpkgs-unstable 55
    • nixos-unstable-small 55
  • nixos-25.11 53
    • nixos-25.11-small 53
    • nixpkgs-25.11-darwin 53

Package maintainers