Themes Vulnerabilities

Auberge Theme <= 1.4.4 - DOM Cross-Site Scripting (XSS)

Description

The Auberge WordPress theme was affected by a DOM Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Themes

auberge
Fixed in 1.4.5

References

CVE
CVE-2015-9502
URL
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
771818a5-4a30-43e7-b1fc-31cc235f1442

Timeline

Publicly Published
2015-05-12 (about 11 years ago)
Added
2015-05-14 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-04
Title
LA-Studio Element Kit for Elementor < 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
fbsurveypro - XSS
Published
2024-12-02
Title
Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-15
Title
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Published
2024-10-17
Title
Click to Chat – WP Support All-in-One Floating Widget < 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode