WordPress Exploit Alert: Themes with XSS Vulnerabilities
Finnish product security professional and a penetration tester, Janne Ahlberg, discovered a cross-site scripting (XSS) vulnerability in several WordPress themes.  This vulnerability can be used to remotely execute JavaScript code on the site where the theme is installed.

The WordPress themes in questions are:
-- Unite
-- Salutation
-- Intersect
-- Traject
They are all from the developer Parallelus, and they are sold through Themeforest.net.

If you run a WordPress site and are using any of these themes, please download and install the latest, patched version from either Themeforest.net or the developer directly.
Shared publiclyView activity