Fitness Zone Wordpress Theme
Monthly
Reflected/unauthenticated Cross-Site Scripting in the Fitness Zone WordPress theme (versions 5.7 and earlier) by designthemes allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or request. The scope-change (S:C) rating indicates the injected script can affect resources beyond the vulnerable component, such as hijacking authenticated admin sessions. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw was reported by Patchstack.
Reflected/unauthenticated Cross-Site Scripting in the Fitness Zone WordPress theme (versions 5.7 and earlier) by designthemes allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or request. The scope-change (S:C) rating indicates the injected script can affect resources beyond the vulnerable component, such as hijacking authenticated admin sessions. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw was reported by Patchstack.