CVE-2026-24973 WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...