Appthemes · Classipress · CVE-2011-5257
**Name of the Vulnerable Software and Affected Versions**
Classipress theme versions prior to 3.1.5
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `twitter id` parameter related to the Twitter widget and the `facebook id` parameter related to the Facebook widget. This can be exploited to conduct cross-site scripting (XSS) attacks.
**Recommendations**
For Classipress theme versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Twitter and Facebook widgets until the update is applied. Avoid using the `twitter id` and `facebook id` parameters in the affected widgets until the issue is resolved.
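
The page does not show the 3.1.5 change itself; as an added example (not ClassiPress code), the following shows one way a widget setting of this kind can be validated against an allowlist and encoded on output. The function names, the accepted ID formats and the sample values are assumptions; in a WordPress theme, `esc_url()` and `esc_html()` would take the place of `htmlspecialchars()`.

```php
<?php
// Added example: allowlist validation plus output encoding for two widget
// settings. Function names and ID formats are assumptions, not ClassiPress code.

// Twitter screen names: letters, digits, underscore, 1-15 chars (assumed format).
function example_clean_twitter_id(string $raw): string {
    $raw = ltrim(trim($raw), '@');
    return preg_match('/\A[A-Za-z0-9_]{1,15}\z/', $raw) ? $raw : '';
}

// Facebook page IDs/usernames: letters, digits, dot, hyphen, 1-50 chars (assumed format).
function example_clean_facebook_id(string $raw): string {
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z0-9.\-]{1,50}\z/', $raw) ? $raw : '';
}

// Render a profile link. Output encoding is kept as a second layer so that a
// value reaching this point without validation still cannot break out of the
// attribute or the element text.
function example_render_link(string $base, string $id, string $label): string {
    if ($id === '') {
        return ''; // nothing valid configured: emit no markup
    }
    $href = htmlspecialchars($base . rawurlencode($id), ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($label . ': ' . $id, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow">' . $text . '</a>';
}

// Constructed sample inputs: two plausible IDs and two values carrying markup.
$samples = [
    ['twitter',  '@example_user'],
    ['twitter',  '"><script>alert(1)</script>'],
    ['facebook', 'example.page'],
    ['facebook', 'x" onmouseover="alert(1)'],
];

foreach ($samples as [$kind, $raw]) {
    if ($kind === 'twitter') {
        $html = example_render_link('https://twitter.com/', example_clean_twitter_id($raw), 'Twitter');
    } else {
        $html = example_render_link('https://www.facebook.com/', example_clean_facebook_id($raw), 'Facebook');
    }
    printf("%-8s %-32s => %s\n", $kind, json_encode($raw), $html === '' ? '(rejected)' : $html);
}
```

Validation belongs where the setting is saved and encoding where it is printed, so values stored before an update are still rendered safely.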