WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

Description

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability.

Proof of Concept

On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert(1)%3C/script%3E

Affects Plugins

themify-ptb-search
Fixed in version 1.4.0

References

CVE
CVE-2022-1047

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Kevin Barbón García, David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo

Submitter

Kevin Barbón García

Submitter website
https://blog.asturhackers.com
Submitter twitter
AsturHackers
Verified

Yes

WPVDB ID
078bd5f6-64f7-4665-825b-9fd0c2b7b91b

Timeline

Publicly Published

2022-04-12 (about 9 months ago)

Added

2022-04-12 (about 9 months ago)

Last Updated

2022-04-13 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin