Fruitful Theme < 3.8.1 – Unauthenticated Reflected Cross-Site Scripting (XSS) | Theme Vulnerabilities

Description

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions:

"Bug fix: Fixed issues on comment form"

Proof of Concept

Add a Cross-Site Scripting (XSS) payload to the 'Name' field of the comment section and submit the form.

This will result in the following HTTP Post body:

comment=This+is+a+test+comment.&author=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22&email=&url=&submit=Post+Comment&comment_post_ID=1&comment_parent=0

Affects Themes

Fixed in 3.8.1

References

Exploitdb

URL

https://packetstormsecurity.com/files/#156390/

URL

https://github.com/Fruitfulcode/Fruitful/issues/58

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Ultra Security Team (Ashkan Moghaddas , AmirMohammad Safari)

Verified

Yes

WPVDB ID

2441dba1-1175-4c32-b493-b31a76b64fa3

Timeline

Publicly Published

2020-02-17 (about 6 years ago)

Added

2020-02-24 (about 6 years ago)

Last Updated

2020-03-13 (about 6 years ago)

Other

Published

Title

Published

2017-11-07

Title

Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2021-12-16

Title

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2019-04-24

Title

JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting

Published

2024-06-06

Title

WP Docs < 2.1.4 - Reflected Cross-Site Scripting

Published

2023-01-20

Title

ProfilePress < 4.5.4 - Admin+ Stored XSS