Impact
An unauthenticated cross-site scripting (XSS) vulnerability exists in the WordPress Trendy Travel theme, versions 6.7 and earlier. The flaw allows an attacker to inject malicious scripts into web pages viewed by site visitors, potentially hijacking user sessions, extracting sensitive information, or delivering additional malware. The vulnerability stems from insufficient sanitization of user-supplied input within the theme’s templates and is classified under CWE-79.
Affected Systems
All releases of DesignThemes’ Trendy Travel WordPress theme through version 6.7 are affected. Users who have not upgraded beyond 6.7 are exposed to the flaw. The specific product is the “Trendy Travel” theme distributed via WordPress theme repositories.
Risk and Exploitability
The CVSS score of 7.1 indicates high severity. No EPSS data is available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in CISA’s KEV catalog. The likely attacker is any unauthenticated user who can access the vulnerable page, which makes the flaw remotely exploitable via crafted URLs or inputs. An attacker could exploit this to execute arbitrary client-side code in the browser of any visitor who loads the compromised page.
OpenCVE Enrichment