The WordPress Theme Greenmar versions < 2.5.2 have a known XSS vulnerability.
This is a Reflected XSS vulnerability. This means an attacker can craft a URL request and output (reflect) script/code to the page.
On the surface this might not seem like a big deal.
Let’s say I’m an attacker and I want to get steal the websites admin password.
I could craft a link that inserts javascript that will capture the input and pass the data to another site.
I craft a link, trick the admin to login through this link and steal their login data.
Additionally, this could be used to create a phishing page, overlaying the HTML of the page with code to login. Start a spam campaign and use the site with an XSS to launch a massive phishing campaign.
If you’re running the Greenmart theme, please update to the latest version 2.5.2 immediately.