- BigBang (1,229 purchases), AirWP (946 purchases) and ZigZag (1,978 purchases) by Brankic1979
- Convergence (1,941 purchases) by Maximus
Developer status: notified, no responses.
Based on the Themeforest purchase statistics, over 6,000 sites could be affected.
Convergence XSS test example - remote iframe injection:
Because the number of potentially affected sites is high, it would be important to spread this information.
WordPress Themes: XSS Vulnerabilities and Secure Coding Practices by Tony Perez