Themes Vulnerabilities

Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)

Description

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature

Proof of Concept

Affects Themes

wyzi-business-finder
Fixed in 2.4.3

References

CVE
CVE-2022-1164

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
157a9a76-3e5f-4d27-aefc-cb9cb88b3286

Timeline

Publicly Published
2021-02-06 (about 4 years ago)
Added
2021-02-06 (about 4 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2024-03-28
Title
wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-03
Title
Brave < 0.7.0 - Admin+ Stored XSS
Published
2024-10-15
Title
Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-12-27
Title
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
Published
2025-04-02
Title
PeproDev CF7 Database <= 2.0.0 - Unauthenticated Stored Cross-Site Scripting