Themes Vulnerabilities

Jetapo < 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

An Unauthenticated Reflected XSS vulnerability was discovered in the Jetapo theme through 1.0.0 for WordPress.

Proof of Concept

Affects Themes

jetapo-with-woocommerce
Fixed in 1.1
jetapo
Fixed in 1.1

References

URL
https://themeforest.net/item/jetapo-jobboard-wordpress-theme/25398118
URL
https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-07-02-jetapo-jobboard-wordpress-theme-v1-0-0.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Submitter
VLΛD VΞCTOR
Submitter website
https://vladvector.ru
Submitter twitter
vlad_vector
Verified
Yes
WPVDB ID
13aeadaa-643b-4064-8523-6ce971195c3f

Timeline

Publicly Published
2020-07-13 (about 5 years ago)
Added
2020-07-13 (about 5 years ago)
Last Updated
2020-07-15 (about 5 years ago)

Other

Published
Title
Published
2024-09-30
Title
QS Dark Mode Plugin < 3.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Published
2025-04-11
Title
Real Testimonials < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-09
Title
Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
Published
2023-02-14
Title
Quick Paypal Payments < 5.7.26 - Unauthenticated Payment Message Deletion/Update
Published
2024-06-06
Title
Comments – wpDiscuz < 7.6.19 - Authenticated (Contributor+) Stored Cross-Site Scripting