This vulnerability in sparklewpthemes Spark Multipurpose theme (versions up to 1.0.7) is a DOM-based Cross-site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. An attacker with low privileges and requiring user interaction can exploit this to execute arbitrary scripts in the victim's browser, potentially leading to partial compromise of confidentiality, integrity, and availability. The CVSS 3.1 base score is 6.5, reflecting medium severity with network attack vector, low attack complexity, and requiring user interaction.

Successful exploitation of this DOM-based XSS vulnerability can lead to limited disclosure of information, modification of data, and disruption of service within the context of the affected web application. The attacker must have low privileges and rely on user interaction to trigger the exploit. There are no reports of active exploitation in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor for updates from sparklewpthemes. Until a fix is available, consider applying temporary mitigations such as input validation or output encoding if feasible within the theme code. Avoid granting unnecessary privileges to users and educate users to be cautious with suspicious links to reduce risk from user interaction requirements.