What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Explanation of Vulnerability in Simple Terms
The Kids Zone WordPress theme contains a cross-site scripting (XSS) vulnerability in versions up to 5.4. An attacker can inject malicious scripts that execute in visitors' browsers when they view affected pages. The vulnerability requires user interaction—typically clicking a crafted link—and can affect other users on the site. Update the theme to a version newer than 5.4.
What an attacker can do
Inject malicious scripts that run in visitors' browsers and steal session cookies or redirect users to phishing sites.
Potential impact on your site
Visitors' browsers can be compromised; their session tokens or personal data may be stolen without your knowledge.
Conditions required to exploit
Visitor must click a malicious link or visit a page containing the attacker's payload; no authentication required.
Key dates
External resources
Related vulnerabilities