Lucene search
WpvulndbWPVDB-ID:34EA00D1-3F45-4550-9D22-5A966E9C01B9HistoryOct 11, 2021 - 12:00 a.m.
Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter
2021-10-1100:00:00
wpscan.com
6
The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021
PoC
Example in easy-paypal-donation
| CPE | Name | Operator | Version |
|---|---|---|---|
| subscriptions-memberships-for-paypal | lt | 1.1.3 | |
| easy-paypal-donation | lt | 1.3.1 | |
| easy-paypal-events-tickets | lt | 1.1.2 |