Vulnerability
The old JW player and Rokbox had vulnerabilities in the Refraction theme. The old WordPress versions allow remote attackers to inject malicious web script or HTML using the director name of a theme.The attacker can exploit this vulnerability for Cross site scripting in theme name fallback functionality which is contained in WordPress theme PHP file.
Impact
The impact include:-
- Cross-site Scripting
- Content scripting
- Full path disclosure
Mitigation / Precaution
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
