MEDIUM
SpabRice
CVE published 2026-05-26
CVE-2026-39642
A Cross-Site Scripting (XSS) vulnerability exists in the Nyla WordPress theme, affecting versions up to and including 1.7. The flaw stems from improper neutralization of script-related HTML tags, enabling code injection. The vulnerability was disclosed on 2026-05-26 and carries a CVSS 3.1 score of 5.3 (Medium severity). The NVD entry currently shows a status of 'Deferred'. A Patchstack advisory identifies [truncated]