Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

2020-12-04T00:00:00
ID WPVDB-ID:C8537E5F-1948-418B-9D29-3CF50CD8F9A6
Type wpvulndb
Reporter Nguyen Anh Tien
Modified 2021-01-22T06:01:13

Description

Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post <= 1.1.5 allow low-privileged users (Contributor+) to inject arbitrary Javascript code or HTML in posts where the Themify Custom Panel is embedded.

PoC

1. As a contributor, go into "Portfolios" tab from the sidebar and create a new Portfolios 2. In the Themify Custom Panel section, Input an XSS vector to : - Date - Client - Services - Link to Launch ex: 3. Publish/Send for review and visit created post/preview as editor/admin to trigger XSS.