The GT3themes SOHO - Photography WordPress Theme up to version 3.0.3 contains a DOM-based Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. This vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim's browser, potentially leading to partial compromise of confidentiality, integrity, and availability. The CVSS v3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. No patch or official remediation details are currently available.

Successful exploitation of this vulnerability can result in partial loss of confidentiality, integrity, and availability of the affected system or user data. The attack requires user interaction and can be performed remotely over the network. The scope of impact extends beyond the vulnerable component, indicating potential broader effects on the system or application.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider limiting exposure by disabling or restricting use of the vulnerable theme and applying standard web application security controls where applicable. Monitor GT3themes and WordPress security advisories for updates regarding patches or mitigations.