Mediumish <= 1.0.47 – Unauthenticated Reflected Cross-Site Scripting (XSS) | CVE 2021-24316 | Theme Vulnerabilities

Description

The search feature of the theme does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.

The vendor has been unresponsive to any form of contact

Proof of Concept

https://example.com/?post_type=post&s=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E

https://www.themepush.com/demo-mediumish/?post_type=post&s=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E

Affects Themes

No known fix

References

CVE

URL

https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt

URL

https://www.wowthemes.net/themes/mediumish-wordpress/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

m0ze

Submitter

m0ze

Submitter website

https://m0ze.ru

Submitter twitter

Verified

Yes

WPVDB ID

57e27de4-58f5-46aa-9b59-809705733b2e

Timeline

Publicly Published

2021-05-16 (about 4 years ago)

Added

2021-05-16 (about 4 years ago)

Last Updated

2021-05-17 (about 4 years ago)

Other

Published

Title

Published

2023-09-25

Title

ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

Published

2025-04-04

Title

Ultra Addons Lite for Elementor < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-07-04

Title

WP Content Copy Protection & No Right Click < 3.5.6 - Admin+ Stored XSS

Published

2024-03-15

Title

WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-10-24

Title

Breeze < 2.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting