Themes Vulnerabilities

Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting

Description

Julio Potier, from Secupress, found an authenticated (admin+) reflected XSS in the Newspaper theme.

Affects Themes

Newspaper
Fixed in 10.3.4

References

URL
https://secupress.me/blog/newspaper-theme-xss-1033/.https://themeforest.net/item/newspaper/5489609

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Julio Potier
Verified
No
WPVDB ID
aa8cde8b-46a0-43d0-8e64-fe50b4798cdf

Timeline

Publicly Published
2020-06-03 (about 5 years ago)
Added
2020-06-03 (about 5 years ago)
Last Updated
2020-06-03 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Thank You Counter Button - Multiple Stored Cross-Site Scripting (XSS)
Published
2025-03-11
Title
WP Last Modified <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-02-02
Title
WP Booking System < 2.0.18.1 - Admin+ Stored XSS
Published
2025-09-11
Title
Woocommerce Envato Affiliates <= 1.2.1 - Reflected Cross-Site Scripting
Published
2022-11-10
Title
WPUpper Share Buttons < 3.43 - Admin+ Stored XSS