CVE-2016-10957

Name of the Vulnerable Software and Affected Versions Akal theme for WordPress versions through 2016-08-22

Description The issue concerns a cross-site scripting (XSS) problem. It is related to the sc parameter in the framework/brad-shortcodes/tinymce/preview.php file.

Recommendations For Akal theme for WordPress versions through 2016-08-22, consider disabling access to the preview.php file in the framework/brad-shortcodes/tinymce directory until a fix is available. Avoid using the sc parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.