PT-2026-55517 · Themegrill · Zakra
Published 2026-07-03 · Updated 2026-07-03 · CVE-2026-4804
CVSS v3.1: 6.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. The theme registers three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with 'show_in_rest' => true and 'auth_callback' => '__return_true', but without any sanitize_callback parameter in the register_post_meta() calls. The classic editor save path applies sanitize_hex_color(), but the REST API write path bypasses that sanitization entirely. The unsanitized meta values are then read back with get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses the injected page.
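The following is an added example, not the Zakra theme's own code. It places the register_post_meta() pattern the advisory describes beside a hardened form that supplies a sanitize_callback (so REST writes are sanitized too), scopes auth_callback to the edit_post capability, and re-validates the stored value as a hex colour before it is concatenated into the inline stylesheet. The meta keys are modelled on the advisory's field names; the post type 'post', the style handle 'example-theme-style' and the CSS selectors are assumed placeholders.

```php
<?php
// Added example (not the Zakra theme's code). Meta keys follow the advisory's
// field names; post type, style handle and selectors are placeholders.

// Vulnerable pattern: show_in_rest exposes the fields to the REST API,
// __return_true makes the per-field capability check always succeed, and
// with no sanitize_callback a REST write stores the raw value unchanged.
function example_register_menu_colors_unsanitized() {
    $keys = array( 'zakra_menu_item_color', 'zakra_menu_item_hover_color', 'zakra_menu_item_active_color' );
    foreach ( $keys as $meta_key ) {
        register_post_meta( 'post', $meta_key, array(
            'type'          => 'string',
            'single'        => true,
            'show_in_rest'  => true,
            'auth_callback' => '__return_true',
        ) );
    }
}

// Hardened pattern: sanitize_callback runs on every write path, REST included,
// and auth_callback requires the edit_post capability for the specific post.
function example_sanitize_color_meta( $value ) {
    // sanitize_hex_color() returns null for anything that is not #rgb or #rrggbb,
    // so a payload that is not a colour collapses to an empty string.
    $color = sanitize_hex_color( $value );
    return is_string( $color ) ? $color : '';
}

function example_register_menu_colors_sanitized() {
    $keys = array( 'zakra_menu_item_color', 'zakra_menu_item_hover_color', 'zakra_menu_item_active_color' );
    foreach ( $keys as $meta_key ) {
        register_post_meta( 'post', $meta_key, array(
            'type'              => 'string',
            'single'            => true,
            'show_in_rest'      => true,
            'sanitize_callback' => 'example_sanitize_color_meta',
            'auth_callback'     => function ( $allowed, $meta_key, $post_id ) {
                return current_user_can( 'edit_post', $post_id );
            },
        ) );
    }
}
add_action( 'init', 'example_register_menu_colors_sanitized' );

// Output side: never trust stored meta when building CSS. Re-validating as a
// hex colour means a stored value containing markup can never reach the
// inline stylesheet, regardless of how it got into the database.
function example_menu_color_css( $post_id ) {
    $rules = array(
        'zakra_menu_item_color'        => '.example-menu a',
        'zakra_menu_item_hover_color'  => '.example-menu a:hover',
        'zakra_menu_item_active_color' => '.example-menu .current-menu-item a',
    );
    $css = '';
    foreach ( $rules as $meta_key => $selector ) {
        $color = sanitize_hex_color( get_post_meta( $post_id, $meta_key, true ) );
        if ( $color ) {
            $css .= $selector . ' { color: ' . $color . '; }' . "\n";
        }
    }
    return $css;
}

function example_enqueue_menu_color_css() {
    if ( ! is_singular() ) {
        return;
    }
    $css = example_menu_color_css( get_queried_object_id() );
    if ( '' !== $css ) {
        // 'example-theme-style' stands in for the theme's registered stylesheet handle.
        wp_add_inline_style( 'example-theme-style', $css );
    }
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_menu_color_css' );
```

The two defences are independent: sanitize_callback closes the REST write path the advisory identifies, while the allow-list check at output time means the inline CSS stays safe even if a value reaches the database through some other route. An allow-list (a value must be a hex colour) is preferable to escaping here, because wp_add_inline_style() places the string inside a style element where generic HTML escaping is not the right transformation.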
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Zakra