
Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion

Description

The lack of capability and nonce checks in the fruitful_data_save AJAX call could allow an attacker to perform a stored XSS attack using a low-privilege account.

"Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated user:

fruitful_reset_btn: this action will delete the theme options.
fruitful_add_new_slide_action: this action only adds one or more input fields while editing the theme. No damage can be done to the website though.
run_import_dummy_data: this action will throw a fatal error because it attempts to call another function that does not exist."
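As an added illustration (not the Fruitful theme's own code or its fix), this is the shape of an admin-ajax handler that closes both gaps the advisory describes: a nonce check against CSRF and a capability check so only administrators can touch theme options, plus sanitisation of what is stored. The option name, field name and the assumption that limited HTML is allowed in the saved values are placeholders for illustration.

```php
<?php
// Added example: hardened handler for the "fruitful_data_save" AJAX action.
// Register only the privileged hook; deliberately no wp_ajax_nopriv_ variant,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_fruitful_data_save', 'example_fruitful_data_save_hardened' );

function example_fruitful_data_save_hardened() {
    // 1. CSRF protection: the request must carry a nonce bound to this action.
    //    The admin page JS is assumed to send it as the "nonce" POST field
    //    (created with wp_create_nonce( 'fruitful_data_save' )).
    //    On failure check_ajax_referer() dies with a -1 response.
    check_ajax_referer( 'fruitful_data_save', 'nonce' );

    // 2. Authorization: theme options are an administrator-level setting.
    //    Without this check any logged-in user (e.g. a subscriber) could
    //    overwrite the options, which is the low-privilege path in the advisory.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Input validation: never store raw request data.
    $raw = array();
    if ( isset( $_POST['options'] ) && is_array( $_POST['options'] ) ) {
        $raw = wp_unslash( $_POST['options'] ); // assumed field name
    }

    $clean = array();
    foreach ( $raw as $key => $value ) {
        // wp_kses_post() strips script tags and event-handler attributes,
        // so a stored payload cannot execute when the option is later rendered.
        // (Assumption: these fields legitimately accept limited HTML; otherwise
        // use sanitize_text_field() instead.)
        $clean[ sanitize_key( $key ) ] = wp_kses_post( (string) $value );
    }

    // Placeholder option name; values must still be escaped on output
    // (esc_html()/esc_attr()) where the theme prints them.
    update_option( 'example_fruitful_theme_options', $clean );

    wp_send_json_success( array( 'saved' => count( $clean ) ) );
}
```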

Affects Themes

Fixed in 3.8.2

References

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No

Timeline

Publicly Published
2020-03-13
Added
2020-03-13
Last Updated
2023-06-08
