The GT3themes Oyster - Photography WordPress Theme versions up to 4.4.3 contain a DOM-based Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. This allows an attacker to inject malicious scripts that execute in the context of the victim's browser, potentially leading to information disclosure, modification, or disruption of service. The vulnerability has a CVSS 3.1 base score of 7.1, indicating high severity, with attack vector network, low attack complexity, no privileges required, user interaction required, and scope changed. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability can lead to partial compromise of confidentiality, integrity, and availability of the affected system or user data. Specifically, an attacker could execute arbitrary scripts in the victim's browser, potentially stealing sensitive information, manipulating content, or causing denial of service conditions. The vulnerability does not require privileges but does require user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or replacing the affected theme to mitigate risk. Applying general security best practices such as limiting user interaction with untrusted content may reduce exposure but do not fully mitigate the vulnerability.