WordPress hashtagger plugin 3.2 - Cross-Site Scripting

2021.01.11
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title  : WordPress hashtagger plugin 3.2 - Cross-Site Scripting
[-] Author : Abolfazl Feyz
[-] Vendor : https://github.com/wp-plugins/hashtagger
[-] Dork   : inurl: /plugins/hashtagger-master/
[-] Date   : 11.January.2021

------------------------------------
Vulnerable page:
wordpress/wp-content/plugins/hashtagger-master/hashtagger.php
------------------------------------

---------------------------------------------------
Vulnerable source:
420: $url = admin_url('options-general.php?page=' . $_GET['page'] . '&tab=');
432: echo $url . 'general';
----------------------------------------------------

--------------------------------------------------------
POC :
http://site.com/wp-content/plugins/hashtagger-master/hashtagger.php?url=[XSS]

======================================
= contact me
= Telegram  ==> Mr_ramkal
= instagram ==> aboolfazl_feyz
= email     ==> khodebolfazl@gmail.com
======================================
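The concatenation shown at lines 420 and 432 of the quoted source, next to a hardened form, as an added example that is not the plugin's code or the advisory author's. The stand-in admin_url(), the example.test host, the EXPECTED_PAGE slug and both function names are assumptions made so the script runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Outside WordPress a stand-in
// admin_url() is defined so the script runs on its own.
if (!function_exists('admin_url')) {
    function admin_url(string $path = ''): string {
        return 'https://example.test/wp-admin/' . ltrim($path, '/'); // constructed host
    }
}

const EXPECTED_PAGE = 'hashtagger'; // hypothetical settings-page slug

// "Before": the pattern quoted in the advisory (request value concatenated raw).
function tab_url_unsafe(array $get, string $tab): string {
    return admin_url('options-general.php?page=' . $get['page'] . '&tab=') . $tab;
}

// "After": constrain the slug, encode for the URL context, escape at output.
function tab_url_safe(array $get, string $tab): string {
    $page = isset($get['page']) && is_string($get['page']) ? $get['page'] : '';
    // Allow-list: the settings screen only ever serves its own slug.
    if ($page !== EXPECTED_PAGE) {
        $page = EXPECTED_PAGE;
    }
    $url = admin_url('options-general.php?page=' . rawurlencode($page)
        . '&tab=' . rawurlencode($tab));
    // HTML-attribute context: escape quotes, angle brackets and ampersands.
    // Inside WordPress, esc_url() is the usual escaper for this output.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request value containing markup-breaking characters.
$request = ['page' => 'x"><b>injected</b>'];

$unsafe = tab_url_unsafe($request, 'general');
$safe   = tab_url_safe($request, 'general');

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

// The raw form carries the quote and tag through; the hardened form does not.
var_dump(strpos($unsafe, '"><b>') !== false);
var_dump(strpos($safe, '<') === false && strpos($safe, '"') === false);
```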


Copyright 2021, cxsecurity.com

 
