Vulnerability in Yootheme
CVE-2026-10077
The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup, allowing users with the Author role to perform Stored Cros…
Affected products
- Unknown Yootheme — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)