Impact
The flaw is an unauthenticated cross-site scripting (XSS) vulnerability in the Artale | Wedding Photography WordPress theme, up to version 2.2.2. An attacker can inject arbitrary JavaScript into the theme's output, which then executes in the browsers of visitors who view the affected pages. This can lead to malicious code execution, cookie theft, defacement, or the delivery of further malware. The weakness is identified as CWE-79.
Affected Systems
The vulnerability affects the ThemeGoods Artale | Wedding Photography WordPress theme. All installations running version 2.2.2 or earlier are vulnerable. No newer fixed versions are listed in the available data.
Risk and Exploitability
The reported CVSS score of 7.1 indicates a high severity level, but the EPSS score is not available, so the current probability of exploitation is uncertain. The vulnerability is not listed in the CISA KEV catalog, reducing the likelihood that a widely known exploit is already in circulation. An attacker can exploit the flaw without authentication, typically by sending a crafted payload to the vulnerable input on a public page or through a public form. Because the vector is remote and requires no special privileges, entities running affected versions should consider the risk high.
OpenCVE Enrichment