CarSpot Theme <= 2.1.6 - Authenticated Stored XSS
Description
Insufficient filtering of input-field data has been discovered in the «CarSpot – Automotive Car Dealer Wordpress Classified Theme». At the time of the report the current version of this premium theme was 2.1.5.
Proof of Concept
Log in to the demo website for testing: https://carspot.scriptsbundle.com/ (login zulacone@businessagent.email, password asdasd). If that account has been deleted, simply register a new one; it is easy.
On the profile page there is one input field that is stored without any filtering: «Phone Number». Enter a payload, e.g. <script>alert('QUIXSS')</script>, and save the changes. From then on the stored payload executes on every page where data from your profile is rendered. Because any registered (low-privilege) account can set this field and the value is displayed to other visitors, this is a persistent, authenticated stored XSS.
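The two fixes a practitioner would want for this class of bug are (1) an allowlist check on the Phone Number value before it is saved and (2) context-aware output encoding wherever the stored value is rendered. The Python model below is an added example written for this page, not code from the CarSpot theme; it shows the vulnerable rendering pattern the advisory describes next to the hardened text and attribute contexts, plus a small check that tells you whether a fix actually worked. The XSS payload is the one from the advisory; the benign phone number, the attribute-breakout payload and the markup fragments are constructed for this example. In the theme itself the equivalent WordPress helpers would be sanitize_text_field() on save and esc_html() / esc_attr() on output.

```python
import html
import re
from typing import Optional

# Payload taken from the advisory; the other inputs are constructed for this example.
XSS_PAYLOAD = "<script>alert('QUIXSS')</script>"
ATTR_BREAKOUT_PAYLOAD = '" autofocus onfocus="alert(1)'
BENIGN_PHONE = "+1 (555) 010-0199"

# Allowlist for a phone-number field: optional leading '+', then digits and the
# few separators phone numbers legitimately contain. Everything else is rejected
# on save, so markup never reaches the database in the first place.
PHONE_RE = re.compile(r"\+?[0-9][0-9 ()\-.]{2,30}")


def validate_phone(value: str) -> Optional[str]:
    """Return the stripped value if it looks like a phone number, else None.

    This is the allowlist step a theme should run before saving user meta
    (in WordPress it would sit next to sanitize_text_field()).
    """
    candidate = value.strip()
    return candidate if PHONE_RE.fullmatch(candidate) else None


def render_phone_vulnerable(phone: str) -> str:
    """The pattern the advisory describes: the stored value is written into
    the page verbatim, so any markup in it becomes live HTML."""
    return f'<div class="profile-phone">{phone}</div>'


def render_phone_hardened(phone: str) -> str:
    """HTML text context: encode at output time (WordPress equivalent: esc_html())."""
    return f'<div class="profile-phone">{html.escape(phone, quote=True)}</div>'


def render_edit_field_hardened(phone: str) -> str:
    """HTML attribute context, e.g. the profile edit form re-displaying the
    saved value. Quote encoding is what prevents attribute breakout here
    (WordPress equivalent: esc_attr())."""
    return f'<input type="text" name="phone" value="{html.escape(phone, quote=True)}">'


def payload_is_live(rendered: str, payload: str) -> bool:
    """Verification check for a fix: True if the raw payload survives into the
    rendered markup unencoded. After a correct fix this must be False for every
    page that displays profile data, not just the profile page."""
    return payload in rendered


if __name__ == "__main__":
    # Save-time allowlist: the benign number passes, both payloads are rejected.
    print(validate_phone(BENIGN_PHONE))          # '+1 (555) 010-0199'
    print(validate_phone(XSS_PAYLOAD))           # None
    # Render-time encoding: the vulnerable template leaks the payload, the hardened one does not.
    print(payload_is_live(render_phone_vulnerable(XSS_PAYLOAD), XSS_PAYLOAD))  # True
    print(payload_is_live(render_phone_hardened(XSS_PAYLOAD), XSS_PAYLOAD))    # False
    print(render_edit_field_hardened(ATTR_BREAKOUT_PAYLOAD))
```

When verifying a vendor fix, store the advisory's payload in the Phone Number field and run the equivalent of payload_is_live against the HTML of every page that shows profile data (the edit form included): encoding on only one template leaves the others exploitable, and a text-context escape that skips quotes still allows the attribute-breakout payload above.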

Affects Theme

fixed in version 2.1.7

References

URL https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539
URL https://carspot.scriptsbundle.com/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher QUIXSS
Submitter QUIXSS
Submitter Website http://defcon.su/
Submitter Twitter @quixss
Verified No
WPVDB ID 9258

Timeline

Publicly Published 2019-04-18
Added 2019-04-23
Last Updated 2019-04-23

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.