CarSpot < 2.2.3 - Multiple Vulnerabilities

Description

Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version — v2.2.0:

- Authenticated Persistent XSS -> Registration Form/User Profile
- Authenticated Persistent XSS -> Ad Post
- IDOR leading to arbitrary deletion of ads

Edit (WPScanTeam):
January 17th, 2020 - Report Received & Envato Contacted
January 17th, 2020 - Envato Investigating
January 23rd, 2020 - v2.2.1 released, but issues still present in the demo.
January 24th, 2020 - Envato Contacted again.
January 27th, 2020 - Demo updated to 2.2.1 fixing the issue for new posts/ads but data from previous ones is still not encoded/escaped when output.
February 25th, 2020 - v2.2.3 released, with fixes to encode/escape the stored data from previous versions as well.

Affects Themes

Fixed in 2.2.3

Miscellaneous

Original Researcher: m0ze
Submitter: m0ze
Verified: No

Timeline

Publicly Published: 2020-01-27
Added: 2020-01-27
Last Updated: 2021-01-19