WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Love Travel 2.0-3.8 - Unauthenticated Reflected XSS & XFS

Description

An Unauthenticated Reflected XSS & XFS vulnerabilities was discovered in the Love Travel theme for WordPress, affected versions: 2.0-3.8. Vulnerable parameters: keyword, date_from, date_to, price_from_to, nicdark_price_from, nicdark_price_to

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Themes

lovetravel
No known fix

References

URL
https://ex-mi.ru/exploit/[2020-09-09]-[WordPress]-love-travel-theme-v3.8.txt
URL
https://themeforest.net/item/love-travel-creative-travel-agency-wordpress/7704831

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website
https://ex-mi.ru/
Verified

Yes

WPVDB ID
39ac3290-772d-45b6-a30f-edd907c5539c

Timeline

Publicly Published

2020-11-12 (about 2 years ago)

Added

2020-11-12 (about 2 years ago)

Last Updated

2020-11-13 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin