Security
Headlines
HeadlinesLatestCVEs

Headline

WordPress WP Event Manager 3.1.27 Cross Site Scripting

WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#wordpress#auth#firefox
# Exploit Title: WordPress Plugin WP Event Manager  - Stored Cross SiteScripting# Date: 15-05-2022# Exploit Author: Mariam Tariq - HunterSherlock# Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/# Version: 3.1.27# Tested on: Firefox# Contact me: [email protected]#Steps To Reproduce :1 - First Install the plugins - wp-event-manager and activate it.2 - Go to event manager —> Add New3 - Inside the “”Event Title” at the top, enter XSS payload “><img src=xonerror=alert(1)> and hit publish.4 - Check the newly made event’s URL /event/{id}/ , XSS will trigger.#Poc Image :https://imgur.com/J1Q3x5u

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3