Lucene search

K
wpvulndbNeppahWPVDB-ID:3E262CD7-CA64-4190-8D8C-38B07BBE63E0
HistorySep 20, 2021 - 12:00 a.m.

GamePress <= 1.1.0 - Reflected Cross-Site Scripting

2021-09-2000:00:00
Neppah
wpscan.com
8

0.001 Low

EPSS

Percentile

31.7%

The plugin does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues

PoC

Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms

CPENameOperatorVersion
gamepresseq*

0.001 Low

EPSS

Percentile

31.7%

Related for WPVDB-ID:3E262CD7-CA64-4190-8D8C-38B07BBE63E0