Description
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Published: 2026-07-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated Cross Site Scripting vulnerability exists in the Kids Zone – Children WordPress Theme through version 5.4. By injecting malicious JavaScript, an attacker can execute code within the browser context of any site user, potentially leading to session hijacking, cookie theft, defacement, or the delivery of secondary payloads. The weakness is rooted in unsafe handling of user-supplied data, as indicated by CWE‑79.

Affected Systems

All instances of the Kids Zone – Children WordPress Theme from Design Themes with a version number of 5.4 or earlier are affected. This includes any WordPress installation using the theme up to and including the 5.4 release.

Risk and Exploitability

The CVSS score of 7.1 classifies the vulnerability as high severity. With no EPSS score available and the issue not listed in the CISA KEV catalog, the exact exploitation probability is unclear, but the unauthenticated nature of the flaw and the lack of hardening in the theme suggest that exploitation is straightforward for an attacker with access to a page rendering the vulnerable theme.

Generated by OpenCVE AI on July 2, 2026 at 15:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Kids Zone – Children WordPress Theme to version 5.5 or later
  • If an upgrade cannot be performed immediately, disable or replace the vulnerable theme to remove the XSS surface
  • Remove any injected malicious scripts from the site and conduct a full security audit to confirm all compromised content has been purged

Generated by OpenCVE AI on July 2, 2026 at 15:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Title WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T15:53:51.784Z

Reserved: 2025-12-29T11:19:54.137Z

Link: CVE-2025-69156

cve-icon Vulnrichment

Updated: 2026-07-02T13:33:40.097Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')