CVE Catalog
CVE-2025-69156
HighCVSS 7.1Summary
An unauthenticated Cross Site Scripting (XSS) vulnerability exists in the Kids Zone - Children WordPress theme version 5.4 and earlier. It allows a remote attacker to inject malicious JavaScript code without requiring authentication.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or exfiltrate sensitive data from the WordPress admin panel.
Recommendation
Immediately update the Kids Zone - Children theme to a version newer than 5.4. If no update is available, consider temporarily disabling the theme and replacing it with a secure alternative.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

