• I got a message that my search function of WordPress (probably old theme?) can be used to inject scripts or something if you put some after the ?s= at the url… The example given was

    ?s=<svG%20onLoad=prompt(/css/)>

    When I try this on my website, a popup window appears with a “/css/” prompt and “Ok” and “Cancel”. I have no idea if this is something dangerous (or could be) or not. How can I fix this? I assume the “searchform.php” has to be edited? My theme is an old theme not updated in a while. Is that the reason? Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter Kotanji

    (@kotanji)

    The site hasn’t been hacked though?

    Moderator James Huff

    (@macmanx)

    Still the first thing I’d go through when there’s a security concern.

    But, if you’re confident you’re clean, do you have the same issue with a more up to date theme, like the Twenty Twenty-Four theme?

    If so, do you have the same issue with all plugins deactivated?

    If you can install plugins, install Health Check. On the troubleshooting tab, you can click the button to deactivate all plugins and change the theme for you while you’re still logged in without affecting normal visitors to your site.

    Thread Starter Kotanji

    (@kotanji)

    Actually, the main question was anyway: I just need to know if this is a theme issue. Is it? As I said, it’s an old theme. So where do I have to update that old theme (searchform.php etc.)?
    Basically, what is the component in a theme that would allow this? When I enter that prompt on a modern theme it just gives “Nothing found” as a page. What component is used to use the “/?s=”?

    • This reply was modified 6 months, 3 weeks ago by Kotanji.
    Moderator James Huff

    (@macmanx)

    “I just need to know if this is a theme issue. Is it?”

    It’s hard to say if it’s a theme issue without ruling out the theme.

    “do I have to update that old theme (searchform.php etc)?”

    No, if your theme is so old that it’s vulnerable, it’s time to move to a new and more recently maintained theme.
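The thread never names the theme component that lets the search term run as script, so here is an added illustration that is not from the thread or from any particular theme. Old themes often wrote the raw `s` parameter straight into the HTML of search.php or searchform.php; the current WordPress helpers (`get_search_query()`, `the_search_query()`, `esc_html()`, `esc_attr()`) escape the term for the context it lands in, which is why a modern theme just shows “Nothing found”. The function names below (`example_*`) and the markup are illustrative assumptions, not code from the theme in question.

```php
<?php
// Added example (not from the thread or any named theme): the unsafe
// output pattern that turns ?s=<svG onLoad=prompt(/css/)> into a live
// element, next to the escaped form a maintained theme would use.

// ---- UNSAFE pattern, typical of very old search.php templates ----
// The query-string value is written unchanged into the page body, so
// any tag it contains is parsed as HTML and its event handler runs.
function example_unsafe_search_heading() {
    ?>
    <h2>Search results for: <?php echo $_GET['s']; ?></h2>
    <?php
}

// ---- Hardened heading ----
// get_search_query( false ) returns the raw term; esc_html() converts
// <, >, &, " and ' to entities, so "<svG ...>" is rendered as text.
function example_safe_search_heading() {
    ?>
    <h2>Search results for: <?php echo esc_html( get_search_query( false ) ); ?></h2>
    <?php
}

// ---- Hardened searchform.php ----
// Inside an attribute the term must be attribute-escaped; get_search_query()
// with its default argument already returns an esc_attr()'d value, and
// esc_url() guards the form action.
function example_safe_search_form() {
    ?>
    <form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
        <label>
            <span class="screen-reader-text">Search for:</span>
            <input type="search" name="s" value="<?php echo get_search_query(); ?>" />
        </label>
        <input type="submit" value="Search" />
    </form>
    <?php
}
```

To check an existing theme, search its files for places that echo `$_GET['s']`, `$_REQUEST['s']` or the legacy `$s` global without passing them through `esc_html()` or `esc_attr()` first; those are the lines that would need escaping (or, as suggested above, the theme replaced). A site-wide Content-Security-Policy header does not fix the template but limits what an injected inline handler can do if one is missed.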

  • The topic ‘Script injection with search’ is closed to new replies.