6 matches found
CVE-2019-14470
cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...
GHSA-GCV6-2V9C-RJ48 Cosenary Instagram-PHP-API contains reflected XSS vulnerability
cosenary Instagram-PHP-API aka Instagram PHP API V2, used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php errordescription parameter. Vulnerable code: php if isset$GET'error' echo 'An error occurred: ' . $GET'errordescription';...
Cosenary Instagram-PHP-API contains reflected XSS vulnerability
cosenary Instagram-PHP-API aka Instagram PHP API V2, used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php errordescription parameter. Vulnerable code: php if isset$GET'error' echo 'An error occurred: ' . $GET'errordescription';...
CVE-2019-14470
cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...
Design/Logic Flaw
cosenary Instagram-PHP-API aka Instagram PHP API V2, as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php errordescription parameter...
CVE-2019-14470
The CVE-2019-14470 entry affects WordPress UserPro plugin versions up to 4.9.32, which uses the cosenary Instagram-PHP-API (V2). The vulnerability is a reflected Cross-Site Scripting (XSS) via the example/success.php error_description parameter, demonstrated by the vulnerable code path that echoe...