Themes Vulnerabilities

Multiple Parallelus Themes - Reflected Cross-Site Scripting (XSS)

Description

Multiple themes from the Parallelus vendor were affected by reflected Cross-Site Scripting issues:

Unite (closed) - https://themeforest.net/item/unite-wordpress-business-magazine-theme/90959 / http://para.llel.us/themes/unite-wp/
Salutation - https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199 / http://para.llel.us/themes/salutation-wp/
Intersect (closed) - https://themeforest.net/item/intersect-wordpress-theme/86535 / http://para.llel.us/themes/intersect-wp/
Traject (closed) - https://themeforest.net/item/traject-wordpress-portfolio-and-business-theme/116671 / http://para.llel.us/themes/traject-wp/

Affects Themes

parallelus-unite
Fixed in 2.0
parallelus-salutation
Fixed in 2.0
parallelus-intersect
Fixed in 2.0
parallelus-traject
Fixed in 2.0

References

URL
https://jannefi.blogspot.com/2012/10/xss-vulnerability-in-parallelus-premium.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Janne Ahlberg
Verified
No
WPVDB ID
9909f60b-3830-4f95-99fd-3dde185471fe

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2021-02-08 (about 5 years ago)

Other

Published
Title
Published
2025-10-21
Title
This-or-That by André Boekhorst <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2017-08-17
Title
Embed Images in Comments <= 0.5 - Unauthenticated Stored XSS
Published
2025-04-07
Title
Global Gallery <= 8.8.0 - Reflected Cross-Site Scripting
Published
2025-10-10
Title
Blox Lite <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-05-07
Title
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.9.2 - Authenticated (Custom) Stored Cross-Site Scripting