Back to WordPress theme testing.
According to my tests, the following premium WordPress themes by imediapixel are affected by a reflected Cross-site Scripting (XSS) vulnerability:
Developer status: tried to contact via e-mail and Themeforest forum - no responses.
Screenshot of the ECOBIZ theme basic XSS test - remote JavaScript execution:
I have also tested some corporate sites using the ECOBIZ theme. They were all affected.
Based on the Themeforest purchase statistics, there could be over 4,000 affected websites.
Further reading:
WordPress Themes: XSS Vulnerabilities and Secure Coding Practices by Tony Perez