WordPress U-Design Theme 2.7.9 Cross Site Scripting

2015.10.07
Credit: K3n4nG
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

U-Design is a WordPress theme prone to a DOM XSS vulnerability.

Vendor URL: http://themeforest.net/item/udesign-responsive-wordpress-theme/253220

Versions between 2.7.9 (Updated: 08.05.2015) and 2.3.0 (Updated: 04.02.2014; there are 40 releases in that range) are vulnerable to DOM XSS, which can be triggered by appending #<svg onload=alert(1)> to the end of the URL. The vendor has already patched the vulnerability in later versions, but many people and companies are still running vulnerable ones.

Dork: inurl:/wp-theme/u-design/

You can check the installed version in: /wp-content/themes/u-design/style.css

CVE Reference: CVE-2015-7357
Author: @K3n4nG
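The advisory does not show the theme's own script, so the following is an added example (not U-Design's code) of the vulnerability class it describes: a hypothetical sink that writes the URL fragment into markup, beside a hardened version that only accepts fragments shaped like an element id and escapes before rendering.

```javascript
// Added example, not the theme's code. unsafeRender() is a hypothetical
// stand-in for a fragment-driven DOM sink; the real sink is not in the advisory.

// Hypothetical unsafe pattern: the raw fragment (after '#') is concatenated
// into markup, so "#<svg onload=alert(1)>" becomes live HTML when rendered.
function unsafeRender(hash) {
  return '<div class="active">' + hash.slice(1) + '</div>';
}

// Minimal HTML escaping for any text that must be placed into markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: accept only a fragment that looks like an element id
// (letters, digits, '-', '_', at most 64 chars); reject everything else.
function sanitizeHash(hash) {
  const m = /^#([A-Za-z0-9_-]{1,64})$/.exec(hash);
  return m ? m[1] : null;
}

// Safe rendering: validated id only, and still escaped as defence in depth.
function safeRender(hash) {
  const id = sanitizeHash(hash);
  if (id === null) return '';
  return '<div class="active">' + escapeHtml(id) + '</div>';
}

// In a real page, prefer element lookup or textContent over innerHTML:
//   const id = sanitizeHash(window.location.hash);
//   if (id) { const el = document.getElementById(id); if (el) el.classList.add('active'); }
```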

References:

http://themeforest.net/item/udesign-responsive-wordpress-theme/253220



Copyright 2024, cxsecurity.com