Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adazing | morning_coffee | 3.4 |
| adazing | morning_coffee | 2.7 |
| adazing | morning_coffee | 3.0 |
| adazing | morning_coffee | 3.2 |
| adazing | morning_coffee | 2.9 |
| adazing | morning_coffee | 3.1 |
| adazing | morning_coffee | * |
| adazing | morning_coffee | 2.8 |