header-logo
Suggest Exploit
vendor:
Morning Coffee WordPress Theme
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Morning Coffee WordPress Theme
Affected Version From: Prior to version 3.6
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:morning_coffee_theme_for_wordpress
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerability in Morning Coffee WordPress Theme

The Morning Coffee theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

It is recommended to update the Morning Coffee theme to version 3.6 or later to mitigate this vulnerability. Additionally, website administrators should ensure that user-supplied input is properly sanitized to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49878/info

The Morning Coffee theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Morning Coffee theme prior to 3.6 are vulnerable. 

http://www.example.com/wp/index.php/%22+%3E%3C/form%3E%3CScRiPt%3Exss=53851965%3C/ScRiPt%3E/t

Navigation

Suggest Exploit

Services By CQR