Screen-shot of the Blaze theme XSS vulnerability:
According to developer's Themeforest profile, 5482 sales have been completed. Potential number of affected customers is however unknown. I tested 26 separate websites using Flow/Devatic themes. Most of the sites are using WordPress version 3.4.x and at least two are using the latest version. All tested sites were vulnerable to reflected Cross-site Scripting.