TownHub < 1.3.0 – Unauthenticated Reflected XSS | Theme Vulnerabilities

Description

Unauthenticated Reflected XSS vulnerability was discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.2.9.

Edit (WPScanTeam)
June 17th, 2020 - Confirmed & Escalated to Envato
June 18th, 2020 - v1.3.0 released, fixing the issue

Proof of Concept

https://example.com/?search_term=&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS1`)%3E&distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS4`)%3E&lcats[]=195

Affects Themes

Fixed in 1.3.0

References

URL

https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vlad Vector

Submitter

VLΛD VΞCTOR

Submitter website

https://vladvector.ru

Submitter twitter

Verified

Yes

WPVDB ID

007a1efd-86e4-491b-947a-d172c81621d5

Timeline

Publicly Published

2020-06-19 (about 5 years ago)

Added

2020-06-19 (about 5 years ago)

Last Updated

2020-06-20 (about 5 years ago)

Other

Published

Title

Published

2024-11-25

Title

Spotify Play Button for WordPress < 2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode

Published

2025-04-17

Title

Modal Survey <= 2.0.2.0.1 - Reflected Cross-Site Scripting

Published

2017-10-08

Title

Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)

Published

2022-04-05

Title

Pricing Table <= 1.5.2 - Author+ Stored Cross-Site Scripting

Published

2024-12-03

Title

B Testimonial – testimonial plugin for WP < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting