WordPress Exploit Alert: Themes with XSS Vulnerability


Janne Ahlberg, a Finnish product security professional and penetration tester, discovered a cross-site scripting (XSS) vulnerability in several WordPress themes. This vulnerability can be used to remotely execute JavaScript code on the site where the theme is installed.

The WordPress themes in question are:

  • Unite
  • Salutation
  • Intersect
  • Traject

They are all from the developer Parallelus, and they are sold through Themeforest.net.

If you run a WordPress site and are using any of these themes, please download and install the latest, patched version from either Themeforest.net or the developer directly.
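To find out whether a site has any of these themes installed, the following added example (not code from the alert or from Parallelus) reads the `style.css` header of every folder under a themes directory and reports matches with their installed version, which can then be compared with the latest release. It assumes that the `Theme Name` header begins with one of the names listed above and that the `Author` header mentions Parallelus; the sample tree, its versions and the second author are constructed.

```python
import re
import tempfile
from pathlib import Path

# Theme names and developer exactly as listed in the alert.
AFFECTED_NAMES = {"unite", "salutation", "intersect", "traject"}
DEVELOPER = "parallelus"

# WordPress reads theme metadata from "Key: value" lines in the style.css header comment.
HEADER_RE = re.compile(r"^[ \t/*]*(Theme Name|Author|Version)[ \t]*:(.*)$", re.I | re.M)

def read_theme_header(style_css):
    # WordPress itself only parses the first 8 KB of the file for headers.
    text = style_css.read_bytes()[:8192].decode("utf-8", errors="replace")
    header = {}
    for key, value in HEADER_RE.findall(text):
        header.setdefault(key.lower(), value.strip())
    return header

def find_affected_themes(themes_dir):
    findings = []
    for style_css in sorted(Path(themes_dir).glob("*/style.css")):
        header = read_theme_header(style_css)
        name = header.get("theme name", "")
        # Assumption: the header name starts with the name used in the alert.
        first_word = re.split(r"[^a-z0-9]+", name.lower(), maxsplit=1)[0]
        if first_word not in AFFECTED_NAMES:
            continue
        findings.append({
            "directory": style_css.parent.name,
            "name": name,
            "version": header.get("version", "unknown"),
            # False means the name matched but the author did not: check by hand.
            "developer_match": DEVELOPER in header.get("author", "").lower(),
        })
    return findings

def demo():
    # Constructed sample tree; versions and the non-Parallelus author are made up.
    samples = {
        "salutation": "/*\nTheme Name: Salutation\nAuthor: Parallelus\nVersion: 1.2.3\n*/",
        "unite": "/*\r\n * Theme Name: Unite\r\n * Author: Someone Else\r\n * Version: 9.9\r\n */",
        "twentyfourteen": "/*\nTheme Name: Twenty Fourteen\nAuthor: the WordPress team\nVersion: 1.0\n*/",
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, css in samples.items():
            (Path(root) / folder).mkdir()
            (Path(root) / folder / "style.css").write_bytes(css.encode("utf-8"))
        return find_affected_themes(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real site, call `find_affected_themes()` with the path to `wp-content/themes`; a result with `developer_match` set to `False` is a same-named theme from another author and needs a manual look.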
