Nyla
Monthly
Basic XSS via arbitrary shortcode execution in the Nyla WordPress theme (versions through 1.7) allows unauthenticated remote attackers to inject script-bearing HTML tags into rendered web pages, resulting in limited confidentiality impact against site visitors. The vulnerability is classified under CWE-80 and was disclosed by Patchstack, who titled the finding 'Arbitrary Shortcode Execution' - indicating that the XSS payload is delivered through unsanitized shortcode rendering rather than a conventional input field. No public exploit code exists and no active exploitation has been confirmed at time of analysis.
Basic XSS via arbitrary shortcode execution in the Nyla WordPress theme (versions through 1.7) allows unauthenticated remote attackers to inject script-bearing HTML tags into rendered web pages, resulting in limited confidentiality impact against site visitors. The vulnerability is classified under CWE-80 and was disclosed by Patchstack, who titled the finding 'Arbitrary Shortcode Execution' - indicating that the XSS payload is delivered through unsanitized shortcode rendering rather than a conventional input field. No public exploit code exists and no active exploitation has been confirmed at time of analysis.