Themes Vulnerabilities

Salient Theme < 5.5.53 - DOM Cross-Site Scripting (XSS)

Description

The Salient theme comes budled with a vulnerable version of PrettyPhoto which can be found in http://www.example.com/wp-content/themes/salient/js/prettyPhoto.js

Affects Themes

salient
Fixed in 5.5.53

References

URL
https://github.com/scaron/prettyphoto/issues/149
URL
https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fd04fd1d-64fb-4502-a91b-fecc2f1ba5a6

Timeline

Publicly Published
2015-06-16 (about 10 years ago)
Added
2015-06-16 (about 10 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2022-11-16
Title
WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS
Published
2025-11-04
Title
Graphina – Elementor Charts and Graphs < 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets
Published
2025-05-02
Title
Category Widget <= 2.0.2 - Reflected Cross-Site Scripting
Published
2023-12-07
Title
WP Project Manager < 2.6.9 - Subscriber+ Stored XSS
Published
2024-07-23
Title
WP Booking Calendar < 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode