Zorka
Monthly
G5Theme Zorka WordPress theme versions up to and including 1.5.7 contain a Reflected Cross-Site Scripting (XSS) vulnerability that fails to properly neutralize user input during web page generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, allowing the attacker to execute arbitrary JavaScript in the victim's browser session, potentially stealing session cookies, credentials, or performing actions on behalf of the user. No CVSS score, EPSS probability, or KEV status has been assigned, but the vulnerability is confirmed by Patchstack with a clear attack vector.
G5Theme Zorka WordPress theme versions up to and including 1.5.7 contain a Reflected Cross-Site Scripting (XSS) vulnerability that fails to properly neutralize user input during web page generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, allowing the attacker to execute arbitrary JavaScript in the victim's browser session, potentially stealing session cookies, credentials, or performing actions on behalf of the user. No CVSS score, EPSS probability, or KEV status has been assigned, but the vulnerability is confirmed by Patchstack with a clear attack vector.