2 matches found
Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Due to an incomplete fix of CVE-2020-16140 see https://wpscan.com/vulnerability/10444, the reflected XSS attack is still possible on unauthenticated users, by extracting the searchnonce from the source of the homepage and adding it to the original payload. This is possible because WP nonces are...
CVE-2020-16140
CVE-2020-16140 – Greenmart theme (WordPress) vulnerability : The Greenmart theme 2.4.2 has a reflected Cross‑Site Scripting (XSS) flaw in its search function. The issue stems from improper sanitisation in the greenmart_autocomplete_search AJAX action, where the callback parameter is not properly ...