Impact
The vulnerability is an unauthenticated Cross-Site Scripting flaw that allows any visitor to inject malicious script into the web pages served by the theme. This flaw is a classic CWE-79 instance and can lead to compromised user sessions, data theft, or defacement of the site.
Affected Systems
The affected product is the Designthemes "Kids Life | Children School" WordPress theme, specifically all releases up to and including version 5.2.
Risk and Exploitability
The CVSS score of 7.1 indicates high severity. No EPSS score is available. The vulnerability requires no authentication, meaning anyone can exploit it by visiting the site. The flaw is not listed in the CISA KEV catalog, so no active exploitation is documented there yet, but the lack of authentication makes it widely exploitable.