More XSS Vulnerabilities Found in WordPress Themes
By: Fahmida Rashid, PC Magazine
Several WordPress themes have been found to contain a cross-site
scripting (XSS) vulnerability, according to a professional penetration
tester. If you have a WordPress blog and are using one of the affected
themes, you need to download the fixed themes and install them to close
the XSS flaws.
XSS vulnerabilities can be found in Unite, Salutation, Intersect, and
Traject themes from Parallelus, said Janne Ahlberg, a Finnish product
security professional and a penetration tester. The themes generally
range between $30 and $60 and can be easily found on Themeforest.net, a
theme marketplace for WordPress environments.
If left unpatched, attackers would be able to remotely execute
issue, Parallelus took action, correcting all issues in the themes.
Ahlberg claimed he had originally tried to send a Web form informing the
developer about the issues and had gotten no response.