The Montezuma theme for WordPress versions 1.1.7 and below is vulnerable to an attack called Reflected Cross-Site Scripting. This means that if someone was able to trick a user into clicking on a link, it could allow them to inject malicious scripts into the page. This is possible because the theme does not properly sanitize and escape the user inputs and outputs.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
