Vulnerability Summary Title: WordPress xSmart Theme <= 1.2.9.4 is vulnerable to a medium priority Cross Site Scripting (XSS) Priority: Medium Security Risk: CVSS 7.1 Risks: - User Interaction Required: Successful exploitation requires a privileged user to perform an action. - Cross Site Scripting (XSS): Malicious actors can inject malicious scripts. Solutions: - Automatically mitigate vulnerabilities using Patchstack. Details: - Software: xSmart Theme - Vulnerable Versions: <= 1.2.9.4 - OWASP Top 10: A3: Injection Timeline: - Reported by: Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) on 8 Sep, 2025 Additional Information Patchstack offers fastest vulnerability mitigation. Currently, there is no official fix available.