3 matches found
WordPress Ultimate Affiliate Pro Plugin Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Ultimate Affiliate Pro plugin. An attacker can exploit this...
WordPress Ultimate Affiliate Pro plugin <=3.6 - Authenticated Stored Cross-site scripting (XSS) vulnerability
Authenticated Stored Cross-site scripting XSS vulnerability found by 8bitsec in premium WordPress Ultimate Affiliate Pro plugin version 3.6 and earlier versions. Cross-site scripting possible when logged in as an affiliate. Solution 2017.07.29 - We were unable to find information about patched...
WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
Exploit Title: Ultimate Affiliate Pro WordPress Plugin Edit Account. Write the payload in the 'Last Name' input area: jaVasCript:/-///'/"/// /oNMouseoVer=alertdocument.domain Other fields may be vulnerable. Authenticated Stored XSS: Logged as an affiliate, a low privileged user. Marketing...