Description
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Affected products
- atastypixel / elegant_grunge1.0.3
- atastypixel / elegant_grunge0.1 – 0.1
- atastypixel / elegant_grunge0.2 – 0.2
- atastypixel / elegant_grunge0.2.1 – 0.2.1
- atastypixel / elegant_grunge0.2.2 – 0.2.2
- atastypixel / elegant_grunge0.3 – 0.3
- atastypixel / elegant_grunge0.4.1 – 0.4.1
- atastypixel / elegant_grunge0.4.2 – 0.4.2
- atastypixel / elegant_grunge0.4.3 – 0.4.3
- atastypixel / elegant_grunge0.4.4 – 0.4.4
- atastypixel / elegant_grunge0.4.5 – 0.4.5
- atastypixel / elegant_grunge1.0 – 1.0
- atastypixel / elegant_grunge1.0.1 – 1.0.1
- atastypixel / elegant_grunge1.0.2 – 1.0.2
References
- VENDOR_ADVISORYhttps://sitewat.ch/en/Advisories/14