WordPress Theme Greenmart < 2.5.2 Unauthenticated Reflected XSS Vulnerability

Versions of the WordPress theme Greenmart before 2.5.2 have a known XSS vulnerability.

This is a reflected XSS vulnerability. This means an attacker can craft a URL request whose script/code the site outputs (reflects) back into the page.

On the surface this might not seem like a big deal.

Let’s say I’m an attacker and I want to steal the website’s admin password.

I could craft a link that inserts JavaScript that will capture the input and pass the data to another site.

I craft a link, trick the admin into logging in through this link, and steal their login data.

Additionally, this could be used to create a phishing page, overlaying the HTML of the page with a fake login form. An attacker could then start a spam campaign and use the site with the XSS to launch a massive phishing campaign.

If you’re running the Greenmart theme, please update to the latest version 2.5.2 immediately.
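To confirm which installs still need the update, here is an added example (not code from the theme or its vendor) that reads the `Version:` header from the theme's `style.css` and compares it to 2.5.2. It assumes the theme lives in the default `wp-content/themes/greenmart` folder; the sample header in the code is constructed.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = (2, 5, 2)   # first fixed release named in this post
THEME_SLUG = "greenmart"    # assumption: default theme folder name

# Constructed sample of a style.css header, not copied from the real theme.
SAMPLE_STYLE_CSS = """/*
Theme Name: Greenmart
Version: 2.5.1
*/
"""

def parse_theme_version(style_css_text):
    """Return the 'Version:' header of a theme's style.css as a tuple of ints, or None."""
    # WordPress reads theme metadata from the comment header at the top of style.css.
    match = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)",
                      style_css_text[:8192], re.MULTILINE | re.IGNORECASE)
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def is_vulnerable(version):
    """True when version < 2.5.2; an unreadable version is treated as vulnerable."""
    if version is None:
        return True
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: tuple(v) + (0,) * (width - len(v))   # so 2.5 compares as 2.5.0
    return pad(version) < pad(FIXED_VERSION)

def check_site(wp_root):
    """Return (status, version) for one WordPress install on local disk."""
    style = Path(wp_root) / "wp-content" / "themes" / THEME_SLUG / "style.css"
    if not style.is_file():
        return ("not-installed", None)
    version = parse_theme_version(style.read_text(encoding="utf-8", errors="replace"))
    return ("vulnerable" if is_vulnerable(version) else "patched", version)

if __name__ == "__main__":
    for root in sys.argv[1:]:
        status, version = check_site(root)
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{root}: {THEME_SLUG} {shown} -> {status}")
```

Run it with one or more WordPress root directories as arguments; a `style.css` with no readable version is reported as vulnerable so it gets checked by hand.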
