/*!
- # VULNERABILITY: Car Repair Services WordPress Theme v3.9 - Unauthenticated Reflected XSS & XFS
- # GOOGLE DORK: inurl:/wp-content/themes/car-repair-services/
- # DATE: 2021-02-12
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: SmartDataSoft [ https://smartdatasoft.com ]
- # SOFTWARE VERSION: <= 3.9
- # SOFTWARE LINK: https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557
- # CVSS: AV:N/AC:L/PR:N/UI:N/S:C
- # CWE: CWE-79
- # CVE: CVE-2021-24335
*/
### -- [ Info: ]
[i] Unauthenticated Reflected XSS & XFS vulnerabilities were discovered in the Car Repair Services theme through v3.9 for WordPress.
[i] Vulnerable parameter(s): &serviceestimatekey=.
[i] Plugin(s) affected: Auto Repair Search by SmartDataSoft [ https://smartdatasoft.com ].
### -- [ Impact: ]
[~] Injection of malicious JavaScript code or iFrames and the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.
### -- [ Payloads: ]
[$]
[$]
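
[i] Added example, not part of the original advisory or the vendor's code: a Python check that scans web-server access logs (Combined Log Format assumed) for requests where the serviceestimatekey parameter named above carries markup after decoding. The log lines, the request path and the pattern list are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "serviceestimatekey"  # vulnerable parameter named in the advisory
# Assumed pattern list: markup characters and script triggers a search key should not contain.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up request paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2021:10:00:01 +0000] "GET /?s=&serviceestimatekey=brake+pads HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Feb/2021:10:00:05 +0000] "GET /?serviceestimatekey=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '198.51.100.4 - - [12/Feb/2021:10:00:09 +0000] "GET /?serviceestimatekey=%253Ciframe%2520src%253D%2F%2Fexample.invalid%253E HTTP/1.1" 200 5290',
    '198.51.100.4 - - [12/Feb/2021:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2100',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return the decoded parameter value if the line looks like an injection attempt, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == PARAM:
            value = fully_decode(value)  # parse_qsl decoded once; strip any extra layers
            if SUSPICIOUS.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := flag_line(line)) is not None]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {PARAM} value: {value!r}")
```

[i] Hits show attempted injection only; whether the theme reflected the value depends on the installed version.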