header-logo
Suggest Exploit
vendor:
WordPress WooThemes (Live Wire)
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: WordPress WooThemes (Live Wire)
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:woothemes:woothemes
Metasploit:
Other Scripts:
Platforms Tested: WordPress
2021

Cross-Site Scripting Vulnerability in WordPress WooThemes (Live Wire)

The vulnerability exists due to insufficient sanitization of user-supplied data in multiple WordPress WooThemes (Live Wire). An attacker can exploit this vulnerability by injecting arbitrary script code in the browser of a victim user, potentially leading to theft of authentication credentials and other attacks.

Mitigation:

It is recommended to update to the latest version of WordPress WooThemes (Live Wire) to mitigate this vulnerability. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48110/info

Multiple WordPress WooThemes (Live Wire) are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/wp-content/themes/_theme's_name_/includes/test.php?a[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Navigation

Suggest Exploit

Services By CQR