Friday, October 12, 2012

XSS vulnerability in four premium WordPress themes

According to my tests, the following premium WordPress themes are affected by a reflected Cross-site Scripting (XSS) vulnerability:

Developer status: notified, no responses.

Based on the Themeforest purchase statistics, over 6,000 sites could be affected.

BigBang XSS test example - remote Javascript execution:


Convergence XSS test example - remote iframe injection:

Because the number of potentially affected sites is high, it would be important to spread this information.

Further reading:
WordPress Themes: XSS Vulnerabilities and Secure Coding Practices by Tony Perez

No comments:

Post a Comment