CVE-2024-43276

Name of the Vulnerable Software and Affected Versions Child Theme Creator versions 1.5.4 and earlier

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include the vulnerability in the Child Theme Creator, which allows an attacker to inject malicious code. No specific API endpoints, vulnerable parameters, or function names are mentioned.

Recommendations For versions 1.5.4 and earlier, update to version 1.5.5 to resolve the issue. As a temporary workaround, consider restricting input to prevent malicious code injection until a patch is applied. Avoid using the Child Theme Creator until the issue is resolved.