The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.
https://www.wowthemes.net/themes/mediumish-wordpress/
https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e