Impact
An unauthenticated cross-site scripting (XSS) vulnerability exists in the Kids Zone – Children WordPress Theme through version 5.4. By injecting malicious JavaScript, an attacker can execute code within the browser context of any site user, potentially leading to session hijacking, cookie theft, defacement, or the delivery of secondary payloads. The weakness is rooted in unsafe handling of user-supplied data, as indicated by CWE-79.
Affected Systems
All instances of the Kids Zone – Children WordPress Theme from Design Themes with a version number of 5.4 or earlier are affected. This includes any WordPress installation using the theme up to and including the 5.4 release.
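One way to check an installation against the affected range above, as an added example that is not part of the advisory or the theme's own code: it reads the `Theme Name` and `Version` headers from each theme's `style.css` and compares the version with 5.4. The "Kids Zone" name match, the default `wp-content/themes` path and the sample header are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (5, 4)     # advisory: affected through version 5.4
NAME_MARKER = "kids zone"  # assumption: substring of the Theme Name header

# Constructed sample header, not copied from the real theme.
SAMPLE = "/*\nTheme Name: Kids Zone\nVersion: 5.4\n*/\nbody { margin: 0; }\n"

def read_headers(css_text):
    """Parse 'Key: value' file headers from the first 8 KiB of style.css."""
    headers = {}
    pattern = r"^[ \t/*#@]*([A-Za-z ]+?):[ \t]*(.*?)\s*$"
    for m in re.finditer(pattern, css_text[:8192], re.M):
        headers.setdefault(m.group(1).strip().lower(), m.group(2))
    return headers

def version_tuple(version):
    """Numeric parts of a version, trailing zeros dropped: '5.4.0' -> (5, 4)."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def assess(css_text):
    """Return a verdict string, or None when the file is a different theme."""
    headers = read_headers(css_text)
    if NAME_MARKER not in headers.get("theme name", "").lower():
        return None
    version = version_tuple(headers.get("version", ""))
    if not version:
        return "unknown version"  # no usable Version header: review by hand
    return "affected" if version <= LAST_AFFECTED else "not affected"

def scan(themes_dir):
    """Map theme directory name -> verdict for every matching installed theme."""
    results = {}
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        verdict = assess(css.read_text(encoding="utf-8", errors="replace"))
        if verdict:
            results[css.parent.name] = verdict
    return results

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"
    for slug, verdict in scan(root).items():
        print(f"{slug}: {verdict}")
```

A theme that is installed but inactive is still reported, since the check looks at files on disk rather than the active theme setting.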
Risk and Exploitability
The CVSS score of 7.1 classifies the vulnerability as high severity. With no EPSS score available and the issue not listed in the CISA KEV catalog, the exact exploitation probability is unclear, but the unauthenticated nature of the flaw and the lack of hardening in the theme suggest that exploitation is straightforward for an attacker with access to a page rendering the vulnerable theme.