Sell Media < 2.4.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2020-08-14T00:00:00
ID WPEX-ID:34DD2F02-34AD-4B40-8233-AD0B280C3611
Type wpexploit
Reporter wpvulndb
Modified 2020-08-15T05:00:08

Description

A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).

                                        
                                            https://example.com/sell-media-search/?keyword="><script>alert(/XSS/)</script>