Skip to main content

Nyla

1 CVEs product

Monthly

CVE-2026-39642 MEDIUM This Month

Basic XSS via arbitrary shortcode execution in the Nyla WordPress theme (versions through 1.7) allows unauthenticated remote attackers to inject script-bearing HTML tags into rendered web pages, resulting in limited confidentiality impact against site visitors. The vulnerability is classified under CWE-80 and was disclosed by Patchstack, who titled the finding 'Arbitrary Shortcode Execution' - indicating that the XSS payload is delivered through unsanitized shortcode rendering rather than a conventional input field. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

XSS Nyla
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Basic XSS via arbitrary shortcode execution in the Nyla WordPress theme (versions through 1.7) allows unauthenticated remote attackers to inject script-bearing HTML tags into rendered web pages, resulting in limited confidentiality impact against site visitors. The vulnerability is classified under CWE-80 and was disclosed by Patchstack, who titled the finding 'Arbitrary Shortcode Execution' - indicating that the XSS payload is delivered through unsanitized shortcode rendering rather than a conventional input field. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

XSS Nyla
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy