BigFeature WordPress premium theme by Vfxdude is vulnerable to reflected Cross-site Scripting (XSS).
Developer status: notified. Developer response: issue has been fixed
Screen-shot of the XSS test:
Theme upgade is recommended. Theme developer has a support forum and online FAQ.
The number of affected sites is unknown. Themeforest statistics indicates that 4636 purchases have been completed. I tested nine different sites using this theme and they were all affected.
What's Cross-site Scripting - MakeUseOf-article, July 2012
Why XSS is so serious business a blog post by Troy Hunt, August 2012
The Open Web Application Security Project (OWASP) TOP-10-A2