ListingPro < 2.5.4 - Unauthenticated Reflected XSS



Description
A reflected XSS vulnerability was discovered in the «ListingPro - WordPress Directory Theme». Tested version: v2.5.3.


Edit - WPScanTeam:
January 13th, 2020 - Report Received & Envato Contacted
January 13th, 2020 - Envato Investigating
January 15th, 2020 - Theme updated, v2.5.4, fixing the issue

Proof of Concept

The PoC will be displayed on January 29, 2020, to give users the time to update.

Affects Theme

fixed in version 2.5.4

References

URL: https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: m0ze
Submitter: m0ze
Submitter Twitter: m0ze_ru
Verified: No
WPVDB ID: 10025

Timeline

Publicly Published: 2020-01-15
Added: 2020-01-15
Last Updated: 2020-01-20
