It’s not that easy to fix it up, because XSS is a big problem and the only fix I’d suggest is to update… But you can’t do that, because I take it that you are not using child themes…
I’d say… post your query here and directly from the HUEMAN team:
https://ww.wp.xz.cn/support/theme/hueman
Hi dararede. The theme code was updated on April 22. This is from the changelog:
April 22 2015 – 1.5.5
===========================================================
– Updated to OptionTree 2.5.4
– XSS security fixes
– Added additional Google fonts
That version is waiting on wp.org review and being pushed to the theme repository. If you can’t upgrade your theme then probably the best option is to wait for v1.5.5, download it to your computer, then do a file-by-file comparison between that version and your theme. Based on how old your theme is, there will be other changes and updates included in subsequent versions that are not related to the XSS update.
Even with that, additional vulnerabilities are still being discovered. See this article for an example.