Lucene search
WpvulndbWPVDB-ID:4A4934D6-282D-4E8C-922A-6B1F12884191HistoryAug 06, 2021 - 12:00 a.m.
WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)
2021-08-0600:00:00
wpscan.com
6
0.001 Low
EPSS
Percentile
29.4%
The plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts WPScanTeam: The issue was reported as fixed, but the fix was insufficient and a separate advisory has been made for it
PoC
https://example.com/wp-admin/tools.php?page=wpf-settings-logs&startdate;=“>&enddate;=”>
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-fusion-lite | lt | 3.37.30 |
Related
cve
cve
CVE-2021-34660
2021-08-09 13:15:07
nvd
nvd
CVE-2021-34660
2021-08-09 13:15:07
patchstack
patchstack
wpexploit
wpexploit
WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)
2021-08-06 00:00:00
prion
prion
Cross site scripting
2021-08-09 13:15:00
cvelist
cvelist
CVE-2021-34660 WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting
2021-08-06 00:00:00