wpvulndb
WPVDB-ID: 88162016-9FC7-4194-9E81-44C50991F6E9
May 02, 2024 - 12:00 a.m.

Pet Manager <= 1.4 - Reflected XSS

Author: Bob Matyas
Source: wpscan.com
Tags: pet manager, version 1.4, reflected xss, cross-site scripting, high privilege users, admin, poc, software update

AI Score: 5.7
Confidence: High
EPSS: 0
Percentile: 9.0%

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PoC

1. Add a pet and publish the listing.
2. View the pet on the frontend of the site and get a valid post id (found on the `` element as a class, i.e. postid-9).
3. Make a logged in admin open a link: https://example.com/wp-admin/post.php?post=__POST_ID__HERE__&action=edit&cmb_force_send=true&cmb_send_label=test%27%29%3B%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
4. See the XSS.

