wp-ticket - wordpress plugin - Cross-Site-Scripting

2021.01.13
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title : wp-ticket - wordpress plugin - Cross-Site-Scripting [-] Author : Abolfazl Feyz [-] Vendor : https://github.com/wp-plugins/wp-ticket/archive/master.zip [-] Dork : inurl:wp-content/plugins/wp-ticket-master/ [-] date : 9.January.2021 ------------------------------------ Vulnerable page: /wp-content/plugins/wp-ticket-master/assets/ext/zebraform/process.php ------------------------------------ --------------------------------------------------- Vulnerable source: Line188 : $form = $_GET['form']; Line217 : echo echo $form; ---------------------------------------------------- -------------------------------------------------------- POC : http://site.com/wp-content/plugins/wp-ticket-master/assets/ext/zebraform/process.php?form=[XSS] ====================================== = cantact me = = Telegram ==> Mr_ramkal = = instagram ==> aboolfazl_feyz = = email ==> khodebolfazl@gmail.com = ======================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top