The theme contains a Brands feature which is vulnerable to stored Cross Site Scripting (XSS) within the logo URL parameter. Edit (WPScanTeam) November 27th, 2020 - Vendor Contacted via https://themeftc.ticksy.com/submit/ November 28th-29th, 2020 - Exchanges with vendor's support but they do not understand the issue. November 30th, 2020 - Escalated to Envato and disclosure December 3rd, 2020 - v1.2.1 released, apparently fixing the issue (but we were not able to confirm)
2020-11-30 (about 2 years ago)
2020-11-30 (about 2 years ago)
2020-12-03 (about 2 years ago)