SecurityHome.eu Security vulnerability: WordPress U-Design Theme 2.7.9 Cross Site Scripting

Home / vulnerabilities PDF

WordPress U-Design Theme 2.7.9 Cross Site Scripting
Posted on 06 October 2015
Source : packetstormsecurity.org Link

u-desing is a wordpress theme prone to DOM XSS vulnerability.

Vendor url:
http://themeforest.net/item/udesign-responsive-wordpress-theme/253220

versions between 2.7.9 – (Updated: 08.05.2015) and 2.3.0 – (Updated:
04.02.2014 - there are 40 of them) are vulnerable to DOM XSS which can be
exploited by adding #<svg onload=alert(1)> to the end of the url.

Vendor already patched the vulnerability on higher versions, but there are
still a lot of people/companies are using vulnerable ones.

Dork: inurl:/wp-theme/u-design/
You can check the version from: /wp-content/themes/u-design/style.css
CVE Reference: CVE-2015-7357
Author: @K3n4nG

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20