Impact
The vulnerability is a reflected Cross Site Scripting flaw that allows an attacker to inject and execute arbitrary JavaScript in the browsers of site visitors. Because the flaw is not limited by authentication or authorization controls, any user who accesses a page containing the vulnerable input can become a victim, potentially leading to session hijacking, credential theft, or defacement. The weakness is a typical input handling issue classified under CWE-79, where the application fails to properly sanitize user supplied data before reflecting it back in an HTML response.
Affected Systems
WordPress sites that have installed the Mythemes my flatonica theme version 0.0.8 or earlier. The issue specifically affects that theme package and is not present in newer releases of the theme.
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity for this type of vulnerability. The exploit probability (EPSS) is not available, and the flaw is not listed in the CISA KEV catalog, suggesting no widespread public exploitation yet. Attackers can exploit this vector simply by crafting a URL or form input containing malicious script and having unsuspecting users visit the site. Because the flaw is unauthenticated and reflected, it can be triggered without any administrative access, making it a low‑barrier threat for attackers.
OpenCVE Enrichment