Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting



Description
Julio Potier, from Secupress, found an authenticated (admin+) reflected XSS in the Newspaper theme.

Affects Theme

fixed in version 10.3.4

References

URL https://secupress.me/blog/newspaper-theme-xss-1033/.https://themeforest.net/item/newspaper/5489609

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Julio Potier
Views 1535
Verified No
WPVDB ID 10253

Timeline

Publicly Published 2020-06-03 (about 1 month ago)
Added 2020-06-03 (about 1 month ago)
Last Updated 2020-06-03 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin