What the vulnerability does
01 Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS. This issue affects Child Themes: from n/a through <= 1.0.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Child Themes contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject malicious scripts into the site. The vulnerability affects versions 0 through 1.0.1. An attacker can craft a malicious link that, when clicked by a site visitor, executes arbitrary JavaScript in their browser. This can lead to session hijacking, credential theft, or malware distribution.
What an attacker can do
03 Attacker Capabilities
Inject malicious JavaScript that runs in visitors' browsers when they click a crafted link.
Potential impact on your site
04 Site Impact
Visitors' sessions can be hijacked, credentials stolen, or malware injected into your site.
Conditions required to exploit
05 Prerequisites
A site visitor must click an attacker-supplied link while logged in or viewing the site.
Key dates
06 Disclosure timeline
October 22, 2025: CVE published
April 28, 2026: Record updated