Fruitful Theme < 3.8.1 – Unauthenticated Reflected Cross-Site Scripting (XSS) | Theme Vulnerabilities

Description

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions:

"Bug fix: Fixed issues on comment form"

Proof of Concept

Add a Cross-Site Scripting (XSS) payload to the 'Name' field of the comment section and submit the form.

This will result in the following HTTP Post body:

comment=This+is+a+test+comment.&author=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22&email=&url=&submit=Post+Comment&comment_post_ID=1&comment_parent=0

Affects Themes

Fixed in 3.8.1

References

Exploitdb

URL

https://packetstormsecurity.com/files/#156390/

URL

https://github.com/Fruitfulcode/Fruitful/issues/58

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Ultra Security Team (Ashkan Moghaddas , AmirMohammad Safari)

Verified

Yes

WPVDB ID

2441dba1-1175-4c32-b493-b31a76b64fa3

Timeline

Publicly Published

2020-02-17 (about 4 years ago)

Added

2020-02-24 (about 4 years ago)

Last Updated

2020-03-13 (about 4 years ago)

Other

Published

Title

Published

2013-08-26

Title

Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS

Published

2020-07-24

Title

WooCommerce Subscriptions < 2.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2024-03-13

Title

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

Published

2024-05-06

Title

The Plus Addons for Elementor < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-08-09

Title

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)