Monday, October 1, 2012

XSS vulnerability in BigFeature WordPress premium theme

BigFeature WordPress premium theme by Vfxdude is vulnerable to reflected Cross-site Scripting (XSS).

Developer status: notified. Developer response: the issue has been fixed.

Screen-shot of the XSS test:

A theme upgrade is recommended. The theme developer has a support forum and an online FAQ.

The number of affected sites is unknown. Themeforest statistics indicate that 4636 purchases have been completed. I tested nine different sites using this theme and they were all affected.

Further reading:
- What's Cross-site Scripting - MakeUseOf article, July 2012
- Why XSS is such serious business - a blog post by Troy Hunt, August 2012
- The Open Web Application Security Project (OWASP) Top 10, A2
