Cosenary Instagram-PHP-API contains reflected XSS vulnerability

cosenary Instagram-PHP-API aka Instagram PHP API V2, used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php errordescription parameter. Vulnerable code: php if isset$GET'error' echo 'An error occurred: ' . $GET'errordescription';...

CVE-2019-14470

cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...

CVE-2019-14470

cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...

Design/Logic Flaw

cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...

CVE-2019-14470

cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...

CVE-2019-14470

The CVE-2019-14470 entry affects WordPress UserPro plugin versions up to 4.9.32, which uses the cosenary Instagram-PHP-API (V2). The vulnerability is a reflected Cross-Site Scripting (XSS) via the example/success.php error_description parameter, demonstrated by the vulnerable code path that echoe...

WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress UserPro plugin versions = 4.9.33. Solution 27 August 2019 - no patched version available...

WordPress UserPro Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.UserPro is a user profile management plugin used in it. A cross-site scripting vulnerability exists in WordPress UserPro plugin version...

WordPress UserPro 4.9.32 Cross Site Scripting

Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&errordescription=...

WordPress UserPro 4.9.32 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept:...

WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting

WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept:...

WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting

Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&errordescription=...

UserPro <= 4.9.34 - Unauthenticated Reflected XSS

Edit WPscanTeam: August 26th, 2019 - Envato Notified September 2nd, 2019 - v4.9.34 released, still vulnerable September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue...

UserPro <= 4.9.34 - Unauthenticated Reflected XSS

Edit WPscanTeam: August 26th, 2019 - Envato Notified September 2nd, 2019 - v4.9.34 released, still vulnerable September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue PoC...

Wordpress Plugin UserPro Administrator Role Registration Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the Wordpress plugin UserPro. An attacker can exploit the vulnerability to register an...

Wordpress UserPro < 4.9.21 Plugin - User Registration Privilege Escalation Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

WordPress Plugin UserPro &lt; 4.9.21 - User Registration Privilege Escalation

Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage:...

WordPress UserPro Privilege Escalation

Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage: https://userproplugin.com/ Software Link:...

UserPro <= 4.9.27 - User Registration With Administrator Role

According to the changelog: Version 4.9.28 26 Sept 2018 ============================ - Security fix : Register user with administrator role...