Classipress theme is prone to a stored cross-site scripting vulnerability because of input failure through the POST parameters ‘facebook_id’ and ‘twitter_id’ in a registered user’s profile page. It allows an attacker to inject Javascript code.
Update the theme.