HomePage Forums Traveler Traveler theme removed

This topic contains 2 replies, has 2 voices, and was last updated by  Bryan 1 day, 5 hours ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #67286

    My theme keeps getting removed. This is the second time in a month

    Your theme Traveler has a security vulnerability and our systems remove it from your site.

    Could you please contact the theme vendors about it?
    Here you have more information on the vulnerability:

    https://wpvulndb.com/vulnerabilities/9321

    In the meantime, theme twenty nineteen has been activated.

    #67330

    Weak security measures like no input & textarea fields data filtering has been discovered in the «Traveler – Travel Booking WordPress Theme».

    Special Notes:
    1 – «Change Avatar» upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page (Server will respond with Error #500). Another possible issue is Null Byte Injection in PHP, but on the demo website any access to uploaded file will be blocked by CloudFlare.

    2 – On the «Google Chrome» browser reflected XSS doesn’t work cause of built-in browser security measures, better use «Mozilla» or «Opera» instead.

    https://travelerwp.com/traveler-changelog/
    April 30, 2019
    Traveler version 2.7.1
    Fix Reflected XSS Injection Security

    Reflected XSS still not fixed. And Stored XSS too.
    Proof of Concept
    PoC [Reflected XSS Injection]:
    ~ For Reflected XSS Injection use default WordPress search on the demo website https://remap.travelerwp.com/?s=%5Bpayload%5D
    ~ Sample payload #1: “>
    ~ Sample payload #2: “><img src=x onerror=alert(QUIXSS)>

    PoC [Stored XSS Injection]:
    ~ Go to the demo website https://carmap.travelerwp.com and register a new account (there is no validation or activation process) and then log in to your account. Go to https://carmap.travelerwp.com/page-user-setting/ page next. All input fields except «Username» and «E-mail» can be used for Stored XSS Injections, for test u can use any payload started from “> just to «close» input field and </textarea> to «close» the text box. Save the data and your payload(s) will be successfully injected.

    ~ Same logic works for any other theme options: «Checkout» page https://remap.travelerwp.com/checkout/ with multiple vulnerable input fields, «Write Review» page https://remap.travelerwp.com/page-user-setting/?sc=write_review&item_id=1084 etc. etc.
    ~ Sample payload #1: “><script>alert(‘QUIXSS’)</script>
    ~ Sample payload #2: </textarea>

    https://wpvulndb.com/vulnerabilities/9321

    #67429

    Hi

    Do you use WordPress.com host? Our theme is based on WordPress.org. The topic bellow will show you more details:

    https://www.wpbeginner.com/beginners-guide/self-hosted-wordpress-org-vs-free-wordpress-com-infograph/

    Thanks

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.