Cross-Site Scripting Vulnerability in U-Design Theme for WordPress
CVE-2015-7357
6.1MEDIUM
What is CVE-2015-7357?
A Cross-Site Scripting (XSS) vulnerability exists in the U-Design WordPress theme versions prior to 2.7.10, which allows remote attackers to inject arbitrary web scripts or HTML via a fragment identifier. This can potentially lead to malicious actions such as stealing session cookies or redirecting users to harmful sites.