Themes Vulnerabilities

WeeklyNews Premium Theme < 2.2.9 - Cross-Site Scripting (XSS)

Description

Vendor confirmed fixed in as 2.2.9 although this issue was not mentioned in the changelog.

Proof of Concept

Affects Themes

weeklynews
Fixed in 2.2.9

References

CVE
CVE-2015-9504
URL
https://themeforest.net/item/weekly-news-wordpress-newsmagazine-theme/9214110

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ptsx
Verified
No
WPVDB ID
332fc453-5cde-40c6-b00c-f739d6906e52

Timeline

Publicly Published
2015-05-03 (about 11 years ago)
Added
2015-05-04 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-16
Title
Google Map on Post/Page <= 1.1 - Reflected Cross-Site Scripting
Published
2024-11-18
Title
TM Islamic Helper <= 1.0.1 - Reflected Cross-Site Scripting
Published
2025-03-24
Title
newseqo <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-11-02
Title
Video Thumbnails <= 2.12.3 - Admin+ Stored XSS
Published
2024-10-31
Title
Display Terms Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting