CVE-2025-64207

WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah allows DOM-Based XSS. This issue affects Jannah: from n/a through <= 7.6.0.


We have discovered 9,537 live websites that are affected by CVE-2025-64207.





Affected Software

Product                    Jannah
Category                   WordPress Themes
Vulnerable Domains         9,537 live websites (78% of Jannah install base)
Vulnerable Versions        from 0 through 7.6
Vulnerable Versions Count  107 versions (96% of all versions)



Details

  • Published - Dec 18, 2025
  • Updated - Apr 1, 2026

Credits

  • João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites affected by CVE-2025-64207
United States  2,824 websites
Russia         1,605 websites
Iran           959 websites
Germany        701 websites
Cyprus         487 websites
Turkey         334 websites
France         279 websites
GB             270 websites
India          247 websites
Brazil         216 websites

Website Distribution by TLD

Number of websites affected by CVE-2025-64207
.com     4,179 websites
.ru      1,550 websites
.net     460 websites
.org     338 websites
.com.br  210 websites
.info    98 websites
.it      93 websites
.de      66 websites
.fr      60 websites
.co.uk   51 websites



FAQ

A total of 9,537 websites have been identified as vulnerable to CVE-2025-64207, based on global website indexing conducted by WebTechSurvey.
The Jannah theme is affected by the CVE-2025-64207 vulnerability.
Jannah versions up to and including 7.6 are vulnerable to CVE-2025-64207.