WordPress Refraction Theme Multiple Vulnerabilities

OWASP 2013-A9 OWASP 2017-A9

The old JW player and Rokbox had vulnerabilities in the Refraction theme. The old WordPress versions allow remote attackers to inject malicious web script or HTML using the director name of a theme.The attacker can exploit this vulnerability for Cross site scripting in theme name fallback functionality which is contained in WordPress theme PHP file.

Impact

The impact include:-

  • Cross-site Scripting
  • Content scripting
  • Full path disclosure

Mitigation / Precaution

Latest Articles