Nativechurch
Monthly
Reflected cross-site scripting in the NativeChurch WordPress theme (versions 4.8.8.2 and earlier, by imithemes) allows unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (7.1) reflects a scope change with limited confidentiality, integrity, and availability impact, and requires victim interaction. No public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed through Patchstack's WordPress vulnerability database.
Reflected cross-site scripting in the NativeChurch WordPress theme (versions 4.8.8.2 and earlier, by imithemes) allows unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The CVSS 3.1 vector (7.1) reflects a scope change with limited confidentiality, integrity, and availability impact, and requires victim interaction. No public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed through Patchstack's WordPress vulnerability database.