Themes Vulnerabilities

Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The truemag WordPress theme was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Themes

truemag
No known fix

References

CVE
CVE-2016-10994
URL
https://packetstormsecurity.com/files/#136850/
URL
https://seclists.org/fulldisclosure/2016/Apr/92
URL
https://www.vulnerability-lab.com/get_content.php?id=1839

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
941ffe07-2641-49d9-8eb9-4f3bb000e685

Timeline

Publicly Published
2016-04-29 (about 10 years ago)
Added
2016-04-30 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-10-09
Title
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Published
2024-09-12
Title
Product Slider for WooCommerce < 1.13.51 - Reflected Cross-Site Scripting
Published
2025-03-20
Title
Feedify – Web Push Notifications < 2.4.6 - Reflected XSS
Published
2023-10-16
Title
Protección de Datos RGPD <= 3.1.0 - Reflected XSS
Published
2022-09-26
Title
Sabai Discuss < 1.4.14 - Reflected Cross Site Scripting