Several themes for WordPress, created by DeoThemes, have a vulnerability that could allow unauthenticated attackers to inject malicious web scripts into pages. This is due to the themes not having enough security measures in place to check and filter user input and to properly encode output. If the attacker can get a user to click on a link, the malicious script could be executed.