Impact
Unauthenticated Cross Site Scripting (XSS) is present in versions of the WordPress Sonaar theme up to 4.27.4. An attacker can inject arbitrary script into page content that is rendered for any visitor. This can lead to session hijacking, defacement, or malicious redirects. The weakness originates from unsanitized input handling in the theme’s template files, consistent with CWE‑79.
Affected Systems
The affected product is the WordPress Sonaar theme supplied by SONAAR MUSIC:Sonaar. Versions 4.27.4 and earlier are vulnerable. Any WordPress site that has installed one of these versions is at risk.
Risk and Exploitability
The CVSS score of 7.1 indicates a high‑level impact. EPSS is not available, so current exploit probability is unknown. The vulnerability is not listed in CISA’s KEV catalog. Because the flaw is unauthenticated and relies on user‑controlled input, an attacker can exploit it from any remote host that can load the affected pages. No additional authentication or privileged conditions are required.
OpenCVE Enrichment