Lucene search

K
wpexploitWpvulndbWPEX-ID:4A310B4F-79FA-4B74-93F8-E4522921ABE1
HistoryJun 14, 2022 - 12:00 a.m.

404 to 301 < 3.1.2 - Reflected Cross-Site Scripting

2022-06-1400:00:00
wpvulndb
63
cross-site scripting
reflected attack
security exploit
website admin page

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting

https://example.com/wp-admin/admin.php?page=jj4t3-logs&a"><script>alert(/XSS/)</script>