Lucene search

K
wpvulndbNicolas SurribasWPVDB-ID:1C3FF47A-12A5-49C1-A166-2C57E5C0D0AA
HistoryNov 13, 2023 - 12:00 a.m.

AMP+ Plus <= 3.0 - Reflected Cross Site Scripting

2023-11-1300:00:00
Nicolas Surribas
wpscan.com
2
amp+ plus
reflected cross site scripting
vulnerability
software
admin
high privilege users

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PoC

https://example.com/?p=1&amp;yolo;="><ScRiPt>alert('XSS')<%2FsCrIpT>

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Related for WPVDB-ID:1C3FF47A-12A5-49C1-A166-2C57E5C0D0AA