CVE-2020-37235

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

WordPress plugin theme Wibar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Wibar < 1.2.1 - Authenticated Stored Cross-Site Scripting

The theme contains a Brands feature which is vulnerable to stored Cross Site Scripting XSS within the logo URL parameter. Edit WPScanTeam November 27th, 2020 - Vendor Contacted via https://themeftc.ticksy.com/submit/ November 28th-29th, 2020 - Exchanges with vendor's support but they do not...

WordPress Wibar Theme 1.1.8 Cross Site Scripting

Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...