The greenmart_autocomplete_search AJAX action, available to both authenticated and unauthenticated users, does not properly sanitise the callback parameter passed to it, resulting in a reflected Cross-Site Scripting issue.

Edit (WPScanTeam): The vendor 'fixed' the issue for authenticated users by adding a nonce rather than escaping the callback parameter. However, the issue still remains for unauthenticated users. The vendor has been notified via Envato, and another advisory will be released with the details once fixed.
http://localhost/wp-admin/admin-ajax.php?callback=--%3e%27%22%3e%3csvg/onload=alert(/XSS/)%3e&action=greenmart_autocomplete_search&term=defaultText
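The following added example (not the theme's code, and not taken from the vendor) shows one way to handle the callback parameter safely, assuming the action returns a JSONP-style response that reflects callback. The function names are hypothetical, and the sample inputs are constructed from the proof-of-concept URL above.

```php
<?php
// Added example, not the theme's code; all function names are hypothetical.

// Accept only dotted JavaScript identifier paths of bounded length.
function example_safe_jsonp_callback(string $raw): ?string
{
    $ident = '[A-Za-z_$][A-Za-z0-9_$]*';
    if (strlen($raw) > 64 || !preg_match('/\A' . $ident . '(?:\.' . $ident . ')*\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Build [status, headers, body] so the logic can be exercised without a web server.
function example_autocomplete_response(array $query, array $results): array
{
    // nosniff stops browsers from reinterpreting the body as HTML.
    $headers = ['X-Content-Type-Options: nosniff'];
    // Hex-escape <, >, &, ' and " so the JSON cannot break out of a script context.
    $json = json_encode($results, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    if (!isset($query['callback'])) {
        $headers[] = 'Content-Type: application/json; charset=utf-8';
        return [200, $headers, $json];
    }
    // Arrays (callback[]=...) and anything failing the allow-list are rejected, never echoed.
    $callback = is_string($query['callback'])
        ? example_safe_jsonp_callback($query['callback'])
        : null;
    if ($callback === null) {
        $headers[] = 'Content-Type: text/plain; charset=utf-8';
        return [400, $headers, 'Invalid callback'];
    }
    $headers[] = 'Content-Type: application/javascript; charset=utf-8';
    return [200, $headers, $callback . '(' . $json . ');'];
}

// Constructed inputs: the callback value from the PoC URL (URL-decoded) and a benign name.
$poc = urldecode('--%3e%27%22%3e%3csvg/onload=alert(/XSS/)%3e');
foreach ([$poc, 'jQuery3510_1603872000000'] as $cb) {
    $query = ['callback' => $cb, 'term' => 'defaultText'];
    [$status, , $body] = example_autocomplete_response($query, ['apple', 'avocado']);
    echo $status, ' ', $body, PHP_EOL;
}
```

In a WordPress theme the same validation would run inside the handlers registered on both the wp_ajax_ and wp_ajax_nopriv_ hooks, so it applies to unauthenticated requests, which a nonce check alone does not cover.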
Cyber Security Works Pvt. Ltd
Yes
2020-10-28 (about 2 years ago)
2020-10-28 (about 2 years ago)
2020-10-31 (about 2 years ago)