6 matches found
PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin
Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHPSELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of PHPSELF. So be sure to look out fo...
CVE-2021-39320
creationtimestamp| type| source ---|---|--- 2021-09-01 18:35:35+00:00| seen| https://t.me/cibsecurity/28172 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39320.yaml...
CVE-2021-39320
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320
CVE-2021-39320 affects the WordPress Under Construction plugin (versions
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...