WordPress Refraction Theme Multiple Vulnerabilities

Jijith Rajan
Published on
26 Jun 2018

The old JW player and Rokbox had vulnerabilities in the Refraction theme. The old WordPress versions allow remote attackers to inject malicious web script or HTML using the director name of a theme.The attacker can exploit this vulnerability for Cross site scripting in theme name fallback functionality which is contained in WordPress theme PHP file.


The impact include:-

  • Cross-site Scripting
  • Content scripting
  • Full path disclosure

Mitigation / Precaution

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment