Themes Vulnerabilities

Your Journey theme <= 1.9.8 - Reflected Cross-Site Scripting via Prototype Pollution

Description

The plugin does not properly sanitize input and escape output, resulting in a vulnerability to Reflected Cross-Site Scripting via prototype pollution. This could lead to the injection of arbitrary web scripts in pages that execute when a user is tricked into performing an action like clicking a link.

Affects Themes

yourjourney
No known fix

References

CVE
CVE-2023-3933
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
longxi
Verified
No
WPVDB ID
9957ebf1-9970-45ea-8ab1-32315948f4f6

Timeline

Publicly Published
2023-07-26 (about 2 years ago)
Added
2023-11-03 (about 2 years ago)
Last Updated
2023-11-03 (about 2 years ago)

Other

Published
Title
Published
2025-11-07
Title
Insert Headers and Footers Code – HT Script < 1.1.7 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2024-11-08
Title
IA Map Analytics Basic <= 20170413 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-06-13
Title
Async JavaScript < 2.21.06.29 - Authenticated (admin+) Stored XSS
Published
2011-03-17
Title
Sodahead Polls < 2.0.4 - XSS
Published
2026-02-26
Title
AllInOne - Banner Rotator <= 3.8 - Reflected Cross-Site Scripting