WordPress Events Manager version 3.1.2 suffers from a cross-site scripting vulnerability.
# Author: Craw
# Email: craw@element7.eu
# Software Link: https://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications
=======================================================
[+] ExploiT [1] : If you are allowed to leave a comment:
Persistent XSS Vulnerability: You can inject JavaScript code in your comment.
The code will be displayed below the event.
[+] ExploiT [2] : If you are allowed to book an event:
Persistent XSS Vulnerability: You can inject JavaScript code in [Name], [Email], [Phonenumber], [Comment]
The code will be displayed in the WordPress backend -> https://www.site.com/wp-admin/admin.php?page=events-manager-people
=======================================================
Greetz @ LUXEMBOURG
=======================================================
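
Added example, not part of the original advisory and not the plugin's own code: a sketch of how stored booking fields end up as markup on an admin page when concatenated unescaped, next to a hardened renderer that validates the e-mail and escapes every field on output. The function names, the row layout and the sample booking are assumptions made for illustration.

```php
<?php
// Added example: hypothetical rendering of one booking row on an admin
// "people" page. Function and field names are assumptions, not plugin code.

// Constructed sample booking, as it might be stored from the public form.
$booking = [
    'name'    => 'Alice <script>alert(1)</script>',
    'email'   => 'alice@example.com"><img src=x onerror=alert(1)>',
    'phone'   => '+352 000 000',
    'comment' => "See you there\n<b>bold</b>",
];

// Vulnerable pattern: stored values concatenated into HTML unescaped.
function render_row_unsafe(array $b): string
{
    return '<tr><td>' . $b['name'] . '</td><td><a href="mailto:' . $b['email'] . '">'
        . $b['email'] . '</a></td><td>' . $b['phone'] . '</td><td>'
        . $b['comment'] . '</td></tr>';
}

// Escape for HTML text and quoted attribute contexts.
// Inside WordPress, esc_html() and esc_attr() serve this purpose.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate on the way in, escape on the way out.
function render_row_safe(array $b): string
{
    // Treat anything that is not a syntactically valid address as empty.
    $email = filter_var($b['email'], FILTER_VALIDATE_EMAIL) ?: '';
    $mail  = $email === '' ? '<em>invalid</em>'
        : '<a href="mailto:' . h($email) . '">' . h($email) . '</a>';
    return '<tr><td>' . h($b['name']) . '</td><td>' . $mail . '</td><td>'
        . h($b['phone']) . '</td><td>' . nl2br(h($b['comment'])) . '</td></tr>';
}

echo "unsafe: ", render_row_unsafe($booking), "\n\n";
echo "safe:   ", render_row_safe($booking), "\n";
```

The same output escaping applies to comments shown below an event; escaping at render time protects the backend view even for rows that were stored before any input filtering was added.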