The Classima WordPress theme prior to 2.1.11 and some of its required plugins (Classified Listing prior to 2.2.14, Classified Listing Pro prior to 2.0.20, Classified Listing Store & Membership prior to 1.4.20 and Classima Core prior to 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
radiustheme classima |
||
radiustheme classima core |
||
radiustheme classified listing store \\& membership |
||
radiustheme classified listing - classified ads \\& business directory |
||
radiustheme classified listing pro - classified ads \\& business directory |