wpvulndb WPVDB-ID:4A4934D6-282D-4E8C-922A-6B1F12884191
Aug 06, 2021 - 12:00 a.m.

WP Fusion Lite < 3.37.30 - Reflected Cross-Site Scripting (XSS)

2021-08-06 00:00:00
wpscan.com

EPSS: 0.001 Low
Percentile: 29.3%

The plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file, which allows attackers to inject arbitrary web scripts.

WPScanTeam: The issue was reported as fixed, but the fix was insufficient and a separate advisory has been made for it.

PoC

https://example.com/wp-admin/tools.php?page=wpf-settings-logs&startdate=">&enddate=">
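The PoC values begin with `">`, which points to the date filter values being reflected inside an HTML attribute. The following added example is not WP Fusion Lite code: it contrasts that reflection pattern with a validated and escaped form, and the function names, the input markup and the Y-m-d date format are assumptions.

```php
<?php
// Added illustration; not WP Fusion Lite source code. Function names and the
// Y-m-d date format are assumptions made for this example.

// Vulnerable pattern: the request value is written into an attribute as-is,
// so a value beginning with "> closes the attribute and the tag.
function render_date_filter_unsafe(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Returns the date only if it round-trips through the expected format.
function parse_log_date(?string $raw): string
{
    if ($raw === null) {
        return '';
    }
    $date = DateTime::createFromFormat('!Y-m-d', $raw);
    return ($date !== false && $date->format('Y-m-d') === $raw) ? $raw : '';
}

// Hardened pattern: validate on input, then escape for the attribute context
// on output (inside WordPress, esc_attr() fills the role of htmlspecialchars()).
function render_date_filter_safe(array $query, string $name): string
{
    $raw = isset($query[$name]) && is_string($query[$name]) ? $query[$name] : null;
    $value = parse_log_date($raw);
    return '<input type="text" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample input: a benign marker stands in for injected markup.
$query = ['startdate' => '"><b>marker</b>', 'enddate' => '2021-08-06'];

foreach (['startdate', 'enddate'] as $field) {
    echo "unsafe: ", render_date_filter_unsafe($query, $field), PHP_EOL;
    echo "safe:   ", render_date_filter_safe($query, $field), PHP_EOL;
}
```

Validation alone or escaping alone each leaves a gap if the value is later reused in another output context, so the hardened function applies both.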

CPE  Name  Operator  Version
wp-fusion-lite  lt  3.37.30
