WordPress Simple URLs Cross Site Scripting

WordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability.

Packet Storm
# Exploit Title: simple urls < 115  XSS
# Google Dork:
# Exploit Author: AmirZargham
# Vendor Homepage: https://getlasso.co/
# Software Link: https://wordpress.org/plugins/simple-urls/
# Version: < 115
# Tested on: firefox,chrome
# CVE: CVE-2023-0099
# CWE: CWE-79
# Platform: MULTIPLE
# Type: WebApps

Description
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting.

Usage Info:
send malicious link to victim:
https://vulnerable.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=<script>alert(origin)</script>

Related news

CVE-2023-0099

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
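
For triage, the following added example (not part of the advisory or the plugin's code) scans web server access logs for requests to the import-js.php path named above whose search parameter decodes to markup characters. The combined log format, the set of characters treated as suspicious and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Path and parameter name come from the advisory; the rest is assumed.
TARGET_PATH = "/wp-content/plugins/simple-urls/admin/assets/js/import-js.php"
PARAM = "search"
MARKUP = re.compile("[<>\"'`]")  # assumed: never valid in a plain search term
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding (e.g. %253C) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_value) for flagged hits on the endpoint."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Jan/2023:10:01:02 +0000] "GET {TARGET_PATH}?search=%3Cscript%3Ealert(origin)%3C%2Fscript%3E HTTP/1.1" 200 512',
    f'198.51.100.4 - - [10/Jan/2023:10:05:40 +0000] "GET /blog{TARGET_PATH}?search=%253Cscript%253Ealert(origin)%253C%252Fscript%253E HTTP/1.1" 200 512',
    f'192.0.2.15 - - [10/Jan/2023:10:07:11 +0000] "GET {TARGET_PATH}?search=summer+sale HTTP/1.1" 200 498',
    '192.0.2.15 - - [10/Jan/2023:10:08:00 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

A hit shows that a crafted link was requested, not that script ran in a browser; correlate it with the installed plugin version and the sessions of logged-in administrators.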
