header-logo
Suggest Exploit
vendor:
Hybrid theme
by:
Not mentioned
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: Hybrid theme
Affected Version From: Versions prior to Hybrid theme 0.10
Affected Version To: Not mentioned
Patch Exists: YES
Related CWE: Not mentioned
CPE: a:wordpress:hybrid_theme
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

Cross-Site Scripting in Hybrid WordPress Theme

The Hybrid theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Upgrade to Hybrid theme version 0.10 or later, which fixes the vulnerability. Ensure that user-supplied input is properly sanitized before being used in web application code to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49866/info

The Hybrid theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Hybrid theme 0.10 are vulnerable. 

http://www.example.com/?p=8&cpage=[XSS]