September 13, 2019 at 8:26 pm #672860
My theme keeps getting removed. This is the second time in a month.
Your theme Traveler has a security vulnerability and our systems remove it from your site.
Could you please contact the theme vendors about it?
Here you have more information on the vulnerability:
In the meantime, theme twenty nineteen has been activated.
September 14, 2019 at 12:51 pm #673300
Weak security measures like no input & textarea fields data filtering have been discovered in the «Traveler – Travel Booking WordPress Theme».
1 – «Change Avatar» upload field works really strangely. For example, you can upload any .PHP file with extension .php.png and break the profile page (Server will respond with Error #500). Another possible issue is Null Byte Injection in PHP, but on the demo website any access to the uploaded file will be blocked by CloudFlare.
2 – On the «Google Chrome» browser reflected XSS doesn’t work because of built-in browser security measures, better use «Mozilla» or «Opera» instead.
April 30, 2019
Traveler version 2.7.1
Fix Reflected XSS Injection Security
Reflected XSS still not fixed. And Stored XSS too.
Proof of Concept
PoC [Reflected XSS Injection]:
~ For Reflected XSS Injection use default WordPress search on the demo website https://remap.travelerwp.com/?s=%5Bpayload%5D
~ Sample payload #1: “>
~ Sample payload #2: “><img src=x onerror=alert(
PoC [Stored XSS Injection]:
~ Go to the demo website https://carmap.travelerwp.com and register a new account (there is no validation or activation process) and then log in to your account. Go to the https://carmap.travelerwp.com/page-user-setting/ page next. All input fields except «Username» and «E-mail» can be used for Stored XSS Injections; for a test you can use any payload starting with “> just to «close» the input field and </textarea> to «close» the text box. Save the data and your payload(s) will be successfully injected.
~ Same logic works for any other theme options: «Checkout» page https://remap.travelerwp.com/checkout/ with multiple vulnerable input fields, «Write Review» page https://remap.travelerwp.com/page-user-setting/?sc=write_review&item_id=1084 etc. etc.
~ Sample payload #1: “><script>alert(‘QUIXSS’)</script>
~ Sample payload #2: </textarea>
September 16, 2019 at 10:21 am #674290
Do you use a WordPress.com host? Our theme is based on WordPress.org. The topic below will show you more details:
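
The two weaknesses in the quoted report (profile fields echoed without escaping, and an avatar upload that accepts a `.php.png` file), each shown beside its fix in plain PHP. This is an added example, not code from the Traveler theme; the function names and sample values are constructed for illustration. In a WordPress theme the same escaping is done with `esc_attr()` and `esc_textarea()`.

```php
<?php
// Escape a value for an HTML attribute or element body.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the profile form; $escape=false reproduces the behaviour the report describes.
function render_profile_form(string $name, string $bio, bool $escape): string {
    $n = $escape ? h($name) : $name;
    $b = $escape ? h($bio) : $bio;
    return '<input type="text" name="display_name" value="' . $n . '">' . "\n"
         . '<textarea name="bio">' . $b . '</textarea>' . "\n";
}

// Decide from the file content, not the client-supplied name, whether an avatar
// is accepted, and return a server-generated name with a fixed extension.
function safe_avatar_name(string $bytes): ?string {
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !isset($allowed[$mime])) {
        return null; // not an allowed image type
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// Constructed sample input modelled on the payloads quoted in the report.
$name = '"><script>alert(\'QUIXSS\')</script>';
$bio  = '</textarea><b>constructed marker</b>';

echo "Unescaped (vulnerable):\n", render_profile_form($name, $bio, false);
echo "Escaped (fixed):\n", render_profile_form($name, $bio, true);

// Constructed uploads: PHP source named like an image, and a minimal PNG header.
$uploads = [
    'avatar.php.png' => '<?php echo "not an image";',
    'photo.png'      => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NNC5', 1, 1, 8, 2, 0, 0, 0),
];
foreach ($uploads as $client_name => $bytes) {
    $stored = safe_avatar_name($bytes);
    echo $client_name, ' => ', $stored ?? 'rejected', "\n";
}
```

The content check alone does not stop a file that starts with a valid image header and carries PHP further in. Discarding the client-supplied name and storing the file under a generated name with a fixed image extension is what keeps the server from treating it as a script.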