CarSpot Theme <= 2.1.6 - Authenticated Stored XSS



Description
Insufficient filtering of input field data has been discovered in the «CarSpot – Automotive Car Dealer Wordpress Classified Theme». The current version of this premium theme is 2.1.5.
Proof of Concept
Log in to the demo website for testing: https://carspot.scriptsbundle.com/. The login is zulacone@businessagent.email and the password is asdasd. If this account has been deleted, simply create a new one; it is easy.
On the profile page there is one vulnerable input field without filtering: «Phone Number». Enter your payload, e.g. <script>alert('QUIXSS')</script>, and save the changes. After that, the saved payload executes on every page that loads data from your profile.
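The defect class described above is a profile value that is stored without validation and later printed without escaping. The following is an added illustration written for this page, not the CarSpot theme's own code: a hypothetical WordPress profile handler showing the vulnerable pattern beside a hardened one. The function names, the `demo_phone_number` meta key, the `phone_number` POST field and the nonce action are assumptions for illustration; the WordPress API calls (`sanitize_text_field`, `esc_html`, `wp_verify_nonce`, `update_user_meta`, `get_user_meta`) are real.

```php
<?php
// Added example (not the CarSpot theme's code). Hook names, meta key and POST
// field names are assumptions chosen for illustration.

// --- Vulnerable pattern: raw POST value stored, raw meta value echoed ---
function demo_save_phone_unsafe( $user_id ) {
    if ( isset( $_POST['phone_number'] ) ) {
        // Stored as-is: markup such as <script>...</script> persists verbatim.
        update_user_meta( $user_id, 'demo_phone_number', wp_unslash( $_POST['phone_number'] ) );
    }
}

function demo_render_phone_unsafe( $user_id ) {
    // Echoed without escaping: the browser interprets the stored markup on
    // every page that prints this field, which is the behaviour the PoC shows.
    echo '<span class="phone">' . get_user_meta( $user_id, 'demo_phone_number', true ) . '</span>';
}

// --- Hardened pattern: authorise, validate on input, escape on output ---
function demo_save_phone_safe( $user_id ) {
    // Only a user allowed to edit this profile may change it.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    // A valid nonce ties the write to a form this site served (blocks CSRF edits).
    if ( ! isset( $_POST['demo_phone_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['demo_phone_nonce'] ), 'demo_save_phone' ) ) {
        return;
    }
    if ( ! isset( $_POST['phone_number'] ) ) {
        return;
    }
    // sanitize_text_field() strips tags and control characters; the allow-list
    // regex then restricts the value to characters a phone number can contain.
    $phone = sanitize_text_field( wp_unslash( $_POST['phone_number'] ) );
    if ( ! preg_match( '/^[0-9+()\-\s.]{3,32}$/', $phone ) ) {
        return; // reject; a real handler would report a validation error
    }
    update_user_meta( $user_id, 'demo_phone_number', $phone );
}

function demo_render_phone_safe( $user_id ) {
    $phone = get_user_meta( $user_id, 'demo_phone_number', true );
    // Escape at the point of output regardless of what was validated on input,
    // so a value written by any other code path cannot become markup here.
    echo '<span class="phone">' . esc_html( $phone ) . '</span>';
}

// Hypothetical wiring of the hardened handler onto WordPress profile updates.
add_action( 'personal_options_update', 'demo_save_phone_safe' );
add_action( 'edit_user_profile_update', 'demo_save_phone_safe' );
```

Output escaping (`esc_html`, or `esc_attr` when the value lands inside an attribute) is the control that actually prevents the stored value from executing; the input allow-list is defence in depth. Because the payload is persisted in user data, upgrading the theme stops new payloads from being stored but does not by itself remove values that were saved before the fix, so existing profile data should be reviewed for markup after updating.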

Affects Theme

fixed in version 2.1.7

References

CVE 2019-15870
URL https://themeforest.net/item/carspot-automotive-car-dealer-wordpress-classified-theme/20195539
URL https://carspot.scriptsbundle.com/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher QUIXSS
Submitter QUIXSS
Submitter Website http://defcon.su/
Submitter Twitter @quixss
Views 5173
Verified No
WPVDB ID 9258

Timeline

Publicly Published 2019-04-18 (5 months ago)
Added 2019-04-23 (5 months ago)
Last Updated 2019-09-03 (18 days ago)
