Monday, October 8, 2012

XSS vulnerability in Imediapixel premium WordPress themes

Back to WordPress theme testing.

According to my tests, the following premium WordPress themes by imediapixel are affected by a reflected Cross-site Scripting (XSS) vulnerability:
Developer status: tried to contact via e-mail and the Themeforest forum - no responses.

Screen-shot of the ECOBIZ theme basic XSS test - remote JavaScript execution:

I have also tested some corporate sites using the ECOBIZ theme. They were all affected.
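To make the issue concrete for theme developers, here is an added example of the pattern behind a reflected XSS in a WordPress theme template, with the fixed form next to it. This is illustration code written for this post, not code from imediapixel or from the ECOBIZ theme; the post does not say which parameter the affected themes echo, so the search query `s` and the `render_search_heading_*` functions below are assumptions. The fallbacks let it run under plain `php` outside WordPress, where `esc_html()` and `esc_attr()` are the real core functions.

```php
<?php
// Added example (not from the post or the imediapixel themes): the classic
// reflected-XSS pattern in a WordPress theme template, beside its fixed form.
// Which parameter the affected themes echo is not stated in the post; the
// search query "s" below is an assumed, typical case.

// Fallbacks so this file also runs outside WordPress (php -f this_file.php).
// Inside WordPress the core esc_html()/esc_attr() are used instead.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// VULNERABLE (assumed pattern): request input is written straight into the
// page. Whatever the visitor puts in ?s=... is rendered as markup, so a
// crafted link runs script in the context of the site (reflected XSS).
function render_search_heading_vulnerable(array $get): string {
    $q = isset($get['s']) ? (string) $get['s'] : '';
    return '<h2>Search results for: ' . $q . '</h2>'
         . '<input type="text" name="s" value="' . $q . '">';
}

// FIXED: every untrusted value is escaped for the context it lands in.
// Text nodes use esc_html(), attribute values use esc_attr().
function render_search_heading_fixed(array $get): string {
    $q = isset($get['s']) ? (string) $get['s'] : '';
    return '<h2>Search results for: ' . esc_html($q) . '</h2>'
         . '<input type="text" name="s" value="' . esc_attr($q) . '">';
}

// Constructed probe input, the kind of string a basic XSS test of a search
// box sends.
$probe = ['s' => '"><script>alert(1)</script>'];

echo "vulnerable: " . render_search_heading_vulnerable($probe) . PHP_EOL;
echo "fixed:      " . render_search_heading_fixed($probe) . PHP_EOL;

// A cheap regression check a theme tester can keep in the test suite: the
// fixed output must never contain a raw "<script" or an unescaped quote that
// came from the input.
$fixed = render_search_heading_fixed($probe);
if (strpos($fixed, '<script') !== false || strpos($fixed, 'value=""><') !== false) {
    throw new RuntimeException('output escaping regression');
}
echo "escaping check passed" . PHP_EOL;
```

When auditing a theme, grep the templates for `$_GET`, `$_POST`, `$_SERVER['PHP_SELF']`, `$_SERVER['REQUEST_URI']` and `get_search_query(false)` that reach an `echo` without passing through one of the `esc_*` functions; each such spot is the same defect as above.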

Based on the Themeforest purchase statistics, there could be over 4,000 affected websites.

Further reading:
WordPress Themes: XSS Vulnerabilities and Secure Coding Practices by Tony Perez
