Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
Description
The fruitful_data_save AJAX action performs neither a capability check nor a nonce check. Because wp_ajax_* handlers are reachable by any logged-in user, an attacker with a low-privilege account (e.g. subscriber) can write attacker-controlled markup into the theme options, resulting in stored XSS.

"Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated user:

fruitful_reset_btn: this action will delete the theme options.
fruitful_add_new_slide_action: this action only adds one or more input fields while editing the theme. No damage can be done to the website though.
run_import_dummy_data: this action will throw a fatal error because it attempts to call another function that does not exist."
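The description and the quoted findings above both come down to the same missing pair of checks in wp_ajax_* handlers. The block below is an added illustration written for this entry, not the Fruitful theme's code and not its 3.8.2 fix: the action names fruitful_data_save and fruitful_reset_btn are taken from the advisory, but the handler bodies, the option name fruitful_theme_options, the footer_text field and the nonce action names are assumptions. It places a handler with the vulnerable shape (no nonce, no capability check, raw input stored) beside a hardened one, and applies the same two checks to the option-deleting reset action.

```php
<?php
// Illustrative WordPress AJAX handlers for this advisory. NOT the Fruitful
// theme's code: option name, field name and nonce actions are assumed.

// Vulnerable shape: every logged-in user can hit wp_ajax_* hooks, and this
// handler verifies nothing and stores the raw POST value, so a subscriber
// can persist HTML/JS into the theme options. Defined but NOT registered.
function fruitful_data_save_vulnerable() {
    $options = get_option( 'fruitful_theme_options', array() ); // assumed option
    $options['footer_text'] = $_POST['footer_text'];            // raw, unsanitized
    update_option( 'fruitful_theme_options', $options );
    wp_send_json_success();
}

// Hardened shape: nonce, then capability, then sanitization.
add_action( 'wp_ajax_fruitful_data_save', 'fruitful_data_save_hardened' );
function fruitful_data_save_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this action
    //    (wp_create_nonce( 'fruitful_save' )) in the 'security' field;
    //    check_ajax_referer() terminates the request otherwise.
    check_ajax_referer( 'fruitful_save', 'security' );

    // 2. Authorization: theme options are an administrator-only resource.
    //    This is the check that actually stops a low-privilege account.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input handling: keep only the HTML the field legitimately needs.
    $footer = wp_kses_post( wp_unslash( $_POST['footer_text'] ?? '' ) );

    $options = get_option( 'fruitful_theme_options', array() );
    $options['footer_text'] = $footer;
    update_option( 'fruitful_theme_options', $options );
    wp_send_json_success();
}

// Same two checks for the reset action: deleting the theme options is
// destructive and must not be reachable by any authenticated user.
add_action( 'wp_ajax_fruitful_reset_btn', 'fruitful_reset_btn_hardened' );
function fruitful_reset_btn_hardened() {
    check_ajax_referer( 'fruitful_reset', 'security' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    delete_option( 'fruitful_theme_options' );
    wp_send_json_success();
}

// Output side: stored option values are still untrusted data, so escape
// again at render time rather than relying on the save path alone.
function fruitful_render_footer_text() {
    $options = get_option( 'fruitful_theme_options', array() );
    echo wp_kses_post( $options['footer_text'] ?? '' );
}
```

The nonce is created server-side with wp_create_nonce( 'fruitful_save' ), handed to the page's script (for example via wp_localize_script) and posted back as the security field. Note that the nonce alone would not have closed this issue: a logged-in subscriber can read a valid nonce from any page that embeds it, so current_user_can() is the control that blocks the low-privilege account, and the nonce only defends the administrator against CSRF. To confirm an installation is past the affected range, read the Version: header in the theme's style.css or, with WP-CLI and the theme slug assumed to be fruitful, run wp theme get fruitful --field=version and compare against 3.8.2.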

Affects Theme

Fixed in version 3.8.2

References

URL https://blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Verified No
WPVDB ID 10128

Timeline

Publicly Published 2020-03-13
Added 2020-03-13
Last Updated 2020-03-14