Kids Zone Children Wordpress Theme
Monthly
Reflected cross-site scripting in the Kids Zone - Children WordPress Theme (versions 5.4 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser session when the victim opens a crafted link or page. The CVSS 3.1 base score is 7.1, elevated by a scope change (S:C) reflecting that injected script escapes the vulnerable theme context into the visitor's authenticated browser session. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; no EPSS value was supplied with the input.
Reflected cross-site scripting in the Kids Zone - Children WordPress Theme (versions 5.4 and earlier) lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser session when the victim opens a crafted link or page. The CVSS 3.1 base score is 7.1, elevated by a scope change (S:C) reflecting that injected script escapes the vulnerable theme context into the visitor's authenticated browser session. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; no EPSS value was supplied with the input.