Aardvark 4.6.3 and earlier: Malicious code can be injected into web pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Aardvark 4.6.3 and earlier: Malicious code can be injected into web pages

CVE-2025-69296

Summary

The Aardvark software does not properly filter user input, which allows an attacker to inject malicious code into web pages. This can happen when a user clicks on a link or visits a webpage with malicious content. To protect your system, update Aardvark to version 4.6.4 or later.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through ...

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Theme/aardvark/vulnerability/wordpress...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026