Description
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SiteWatch · text · webapps · php
https://www.exploit-db.com/exploits/36187
References (1)
Core References
Exploit, URL Repurposed x_refsource_misc
https://sitewat.ch/en/Advisories/24
Scores
EPSS: 0.0028
EPSS Percentile: 51.6%
Details
CWE: CWE-79
Status: published
Products (5)
ulyssesonline/black-letterhead 1.1
ulyssesonline/black-letterhead 1.2
ulyssesonline/black-letterhead 1.3
ulyssesonline/black-letterhead 1.4
ulyssesonline/black-letterhead < 1.5
Published: Sep 28, 2011
Tracked Since: Feb 18, 2026