Fernando Barbosa

**Name of the Vulnerable Software and Affected Versions** Newspaper theme versions prior to 6.7.2 **Description** The issue concerns script injection via the `td ads[header]` variable to the "admin-ajax.php" endpoint. This allows for malicious script execution. **Recommendations** For versions prior to 6.7.2, update to version 6.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin-ajax.php" endpoint to minimize the risk of exploitation. Avoid using the `td ads[header]` variable in the affected endpoint until the issue is resolved.