wpvulndb · Truoc Phan · WPVDB-ID: 7A244FB1-FA0B-4294-9B51-588BF5D673A2
Sep 13, 2022 - 12:00 a.m.

Soledad < 8.2.5 - Reflected Cross-site Scripting

wpscan.com
soledad theme
reflected cross-site scripting
ajax action
xss vulnerability
nonce value
webpage redirect

EPSS: 0.001
Percentile: 34.0%

The theme does not sanitise the {id,datafilter[type],…} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

PoC

A threat actor can collect the nonce value on the main webpage by searching for it in the ajax_var_more variable:

var ajax_var_more = {"url":"https://soledaddemo.pencidesign.net/wp-admin/admin-ajax.php","nonce":"d6c491629c","errorPass":"Password does not match the confirm password</p>","login":"Email Address","password":"Password","headerstyle":"default"};

They can then create a webpage redirecting the user to a compromised version of the site such as:
