Published on December 6th, 2023 📆 | 3248 Views ⚑

WordPress Phlox-Pro Theme 5.14.0 Cross Site Scripting – Torchsec

https://www.ispeech.org

# Exploit Title: WordPress Theme phlox-pro 5.14.0 - 'searchform' Cross-Site Scripting (XSS)
# Date: 3/12/2023
# Exploit Author: Haktrak Team
# Vendor Homepage: https://phlox.pro
# Software Link: https://www.phlox.pro/go/
# Version: 5.14.0
# Tested on: Linux[apache]/wordrepss 6.3.1

Description:

A Cross Site Scripting (XSS) vulnerability exists in WordPress Theme phlox-pro

Vulnerable Code:

Steps to exploit:
1) Go to searchform
2) Insert your payload in the "search"

Proof of concept (Poc):
The following payload will allow you to run the javascript -
https://example.com/?s=ok&%27>123=1

Source link

Tagged with: 5.14.0 • cross • phlox • PhloxPro • scripting • Site • theme • torchsec • wordpress

Comments are closed.

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Debian Security Advisory 5664-1 – Torchsec by Admin April 18, 2024 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5664-1 security@debian.orghttps://www.debian.org/security/… (10)
- Hackers Exploiting WP-Automatic Plugin Bug to Create… by Admin April 26, 2024 Apr 26, 2024NewsroomThreat Intelligence / Cyber Attack Threat actors are… (9)
- MinIO Privilege Escalation – Torchsec by Admin April 13, 2024 # Exploit Title: MinIO < 2024-01-31T20-20-33Z - Privilege Escalation# Date:… (7)
- China-Linked Hackers Suspected in ArcaneDoor… by Admin May 6, 2024 May 06, 2024NewsroomNetwork Security / Malware The recently uncovered cyber… (7)
Gloss
- viktorimgd on Red Hat Security Advisory 2024-2697-03 – Torchsec
- Lost In Press on Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
- vikierm on Red Hat Security Advisory 2024-2639-03 – Torchsec
- vilianashf on Ubuntu Security Notice USN-6759-1 – Torchsec
- vikikmg on Ubuntu Security Notice USN-6761-1 – Torchsec
- vikiofb on Ubuntu Security Notice USN-6729-3 – Torchsec
- Irinvff on Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
- MichailmoeYI on Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
- MichailmoeYI on Ubuntu Security Notice USN-6745-1 – Torchsec
- EdithImpagGE on Red Hat Security Advisory 2024-1882-03 – Torchsec
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Joanne Bowe
  
  registered 50 minutes ago
- Mario Staley
  
  registered 3 hours, 6 minutes ago
- Jasper Ruyle
  
  registered 5 hours, 11 minutes ago
- Titus Polson
  
  registered 5 hours, 58 minutes ago
- Lavonda Olin
  
  registered 9 hours, 45 minutes ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- Pentest Tools
  
  active 50 minutes ago
- Pentest Tutorials
  
  active 50 minutes ago
- Hardware
  
  active 50 minutes ago
- Help Me !!
  
  active 50 minutes ago
- Comments & Suggestions
  
  active 50 minutes ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

WordPress Phlox-Pro Theme 5.14.0 Cross Site Scripting – Torchsec

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups