Check Order status | Verified Sales | Escrow Service | Advertise
westernunion carding gold carding
revolut carding electronics carding
paypal carding payoneer carding
advertise on cracking forums

WordPress I Love It XSS / Content Spoofing / Path Disclosure

Prince

[ Verified Seller ]
Staff member
Trusted Seller
Joined
10 yrs. 6 mth. 15 days
Messages
5,387
Reaction score
18,373
Age
44
Wallet
11,590$
The WordPress I Love It theme suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.

Hello list!

These are Cross-Site Scripting, Content Spoofing and Full path disclosure
vulnerabilities in I Love It theme for WordPress. This is commercial
(premium) theme.

-------------------------
Affected products:
-------------------------

All versions of I Love It theme for WordPress. The theme contains vulnerable
versions of Audio Player and GDD FLVPlayer.

-------------------------
Affected vendors:
-------------------------

CosmoThemes
CosmoThemes » Premium WordPress Themes

----------
Details:
----------

Cross-Site Scripting (WASC-08):

Please, Log in or Register to view URLs content!
))}catch(e){alert(document. cookie)}//

Content Spoofing (WASC-12):

Please, Log in or Register to view URLs content!


There are 10 vulnerabilities in GDD FLVPlayer: 8 CS and 2 XSS. Which I
announced recently (??????????? ? GDD FLVPlayer - Websecurity - ??? ???????) and informed developers
of GDD FLVPlayer. These vulnerabilities will be disclosed later.

Full path disclosure (WASC-13):

Please, Log in or Register to view URLs content!


There are FPD vulnerabilities in index.php and other php-files (in folder
and subfolders).

------------
Timeline:
------------

2013.05.24 - informed CosmoThemes about vulnerabilities in their I Love It
New theme.
2013.07.11 - disclosed at my site (XSS, CS ?? FPD ??????????? ? ???? I Love It ??? WordPress - Websecurity - ??? ???????).
2013.07.12 - informed developers about vulnerabilities in their I Love It
theme.
 
Top Bottom