Workup – Job Board < 2.1.6 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Workup – Job Board WordPress Theme», tested version — v2.1.5. PoC...
Workio – Job Board < 1.0.3 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Workio – Job Board WordPress Theme», tested version — v1.0.1. PoC https://www.demoapus-wp1.com/workio/jobs-grid-v1/?filter-title=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...
Findus - Directory Listing < 1.1.15 - Authenticated Persistent XSS
An Authenticated Persistent XSS vulnerability was discovered in the «Findus - Directory Listing WordPress Theme», tested version — v1.1.14. PoC The injected payload will trigger in the admin dashboard, on the «My listings» page and on the listing page itself. POST /submit-listing/ HTTP/1.1 Host: example.com...
Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Prolisting - Directory Listing WordPress Theme», tested version — v1.2. PoC https://demoapus.com/prolisting/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E...
Kormosala – Job Board < 1.0.23 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Kormosala – Job Board WordPress Theme», tested version — v1.0.22. PoC...
Findgo - Directory Listing < 1.3.32 - Unauthenticated Reflected and Authenticated Stored XSS
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in the «Findgo - Directory Listing WordPress Theme», tested version — v1.3.30. PoC Unauthenticated Reflected XSS: https://demoapus.com/findgo/listings/?searchdistance=%22%3E%3Cimg%20src=x%20onerror=alertXSS%3E PoC Authenticated...
Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection
Unauthenticated Reflected XSS and SQL Injection vulnerabilities were discovered in the «Nexos - Real Estate WordPress Theme», tested version — v1.7. June 17th, 2020 - Confirmed & Escalated to Envato. June 19th, 2020 - v1.8 released, fixing the issues. PoC Unauthenticated Reflected XSS:...
Travel Booking < 2.8.2 - Unauthenticated Reflected XSS
An Unauthenticated Reflected XSS vulnerability was discovered in the «Travel Booking WordPress Theme», tested version — v2.8.1. Edit WPScanTeam: June 17th, 2020 - Confirmed & Escalated to Envato. June 18th, 2020 - v2.8.2 released, fixing the issue. PoC...
WordPress ripro day theme has file upload vulnerability
The ripro Day Theme is a WordPress theme for the pay-for-resources genre. The WordPress ripro day theme has a file upload vulnerability that can be exploited by remote attackers to escalate privileges and obtain data illegally...
WordPress Dosimple Theme 2.0 Cross Site Scripting Vulnerability
Exploit for PHP platform in category web applications Document Title: =============== WordPress Theme Dosimple v2.0 - XSS Web Vulnerability Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a cross site web vulnerability in...
WordPress Theme Dosimple v2.0 - XSS Web Vulnerability
Document Title: =============== WordPress Theme Dosimple v2.0 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2251 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 225...
WordPress OneTone theme cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. OneTone is a responsive website theme used with it. A cross-site scripting vulnerability exists in the...
Grimag < 1.1.1 - Open Redirection
Description The Grimag WordPress theme was affected by an Open Redirection security vulnerability. PoC /wp-content/themes/Grimag/go.php?https://example.com...
Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was patched in version 3.8.1 of the theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" PoC Ad...
CarSpot < 2.2.3 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'CarSpot – Dealership WordPress Classified Theme', tested version — v2.2.0: - Authenticated Persistent XSS - Registration Form/User Profile - Authenticated Persistent XSS - Ad Post - IDOR leading to arbitrary deletion of ads Edit WPScanTeam: January...
Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
Reflected & Persistent XSS vulnerabilities were discovered in the 'Travel Booking WordPress Theme', tested version — v2.7.8.5. Edit WPScanTeam: January 11th, 2020 - Report received & Envato contacted January 12th, 2020 - Report updated with Reflected XSS, Envato notified again. January 12th, 2020 -...
TownHub < 1.0.6 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'TownHub - Directory & Listing WordPress Theme', tested version — v1.0.2: - Unauthenticated XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 5th, 2020 - Envato Investigating January 6th, 2020 -...
Superlist <= 2.9.2 - Stored Cross-Site Scripting (XSS)
A Persistent XSS vulnerability was discovered in the 'Superlist - Directory WordPress Theme', the version tested was v2.9.2. Edit WPScanTeam: December 2nd, 2019 - Envato Contacted December 2nd, 2019 - Envato Investigating December 12th, 2019 - No updates, disclosing PoC The PoC will be displayed once the issue h...
CVE-2015-9504
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...
WordPress ThemeMakers Blessing Premium Responsive theme Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ThemeMakers Blessing Premium Responsive is a religious website theme used with it. A security vulnerability exists in...