Skip to main content

Kids Life Children School Wordpress

1 CVEs product

Monthly

CVE-2026-27402 HIGH This Week

Reflected/stored cross-site scripting in the DesignThemes 'Kids Life | Children School' WordPress theme (versions 5.2 and earlier) allows unauthenticated remote attackers to inject arbitrary web script that executes in a victim's browser when they interact with a crafted link or input. The CVSS vector (PR:N, UI:R, Scope Changed) indicates no authentication is needed but the victim must be lured into interaction, and the injected script can cross into other security contexts. No public exploit code has been identified at time of analysis, and it is not listed in CISA KEV.

WordPress XSS Kids Life Children School Wordpress
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored cross-site scripting in the DesignThemes 'Kids Life | Children School' WordPress theme (versions 5.2 and earlier) allows unauthenticated remote attackers to inject arbitrary web script that executes in a victim's browser when they interact with a crafted link or input. The CVSS vector (PR:N, UI:R, Scope Changed) indicates no authentication is needed but the victim must be lured into interaction, and the injected script can cross into other security contexts. No public exploit code has been identified at time of analysis, and it is not listed in CISA KEV.

WordPress XSS Kids Life Children School Wordpress
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy