Themes Vulnerabilities

Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)

Description

This theme has a parameter, s, that allows execute a xss payload: "><script>alert(0)</script>

Proof of Concept

Affects Themes

supreme-directory
Fixed in 1.1.9

References

URL
https://wpgeodirectory.com/downloads/supreme-directory/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Franciny Salles and Flavio Landivar
Submitter website
http://www.hackingxsolutions.com/
Submitter twitter
fran_bl4kd43m0n
Verified
No
WPVDB ID
fa470a1b-4ea0-497a-bd79-50725ed3b27e

Timeline

Publicly Published
2018-08-19 (about 7 years ago)
Added
2018-08-21 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-04-09
Title
Waymark < 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-14
Title
Post and Page Builder by BoldGrid < 1.27.6 - Contributor+ Stored XSS
Published
2025-09-22
Title
Ads by WPQuads <= 2.0.94 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-05-07
Title
SKT Addons for Elementor < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block
Published
2023-09-01
Title
authLdap < 2.6.2 - Admin+ Stored XSS