WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #wordpress #php #auth #firefox
# *Exploit Title*: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting
# Date: 18-09-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/
# Version: 1.0.1
# Tested on: Firefox
# Contact me: [email protected]

# *Vulnerable code*:

```
<input type="text" name="partner_hash" value="<?php echo $partner_hash?>"></input>
```

# *POC*:

1- Install the plugin ‘GetYourGuide Ticketing’ & activate it.
2- Navigate toward the GYG-Ticketing
3- Enter the XSS payload ` “><img src=x onerror=alert(1)>`
4- Go to link builder to verify the XSS pop-up.

# *POC image*: https://imgur.com/amrDhIt
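
The vulnerable line quoted above beside a hardened form, as an added example that is not part of the original advisory or the plugin's own code. The function names are hypothetical, the allow-list pattern for a partner hash is an assumption, and the stand-alone script uses `htmlspecialchars()` where code inside WordPress would call `esc_attr()`.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

// Vulnerable pattern from the advisory: the stored value is echoed raw
// into a double-quoted HTML attribute.
function render_partner_hash_vulnerable(string $partner_hash): string
{
    return '<input type="text" name="partner_hash" value="' . $partner_hash . '">';
}

// Hardened output: encode for the attribute context at render time, so a
// quote or angle bracket in the stored value cannot close the attribute.
// Inside WordPress, esc_attr($partner_hash) is the idiomatic equivalent.
function render_partner_hash_hardened(string $partner_hash): string
{
    $encoded = htmlspecialchars($partner_hash, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="partner_hash" value="' . $encoded . '">';
}

// Defence in depth when the setting is saved.
// ASSUMPTION: a partner hash is a short alphanumeric token; adjust the
// pattern to the real format. Returns null when the value is rejected.
function sanitize_partner_hash(string $raw): ?string
{
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z0-9]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Constructed sample inputs: the advisory's payload (written with an
// ASCII quote) and a benign token.
$samples = ['"><img src=x onerror=alert(1)>', 'ABC123XYZ'];

foreach ($samples as $value) {
    $accepted = sanitize_partner_hash($value) !== null;
    echo 'input:      ', $value, PHP_EOL;
    echo 'vulnerable: ', render_partner_hash_vulnerable($value), PHP_EOL;
    echo 'hardened:   ', render_partner_hash_hardened($value), PHP_EOL;
    echo 'accepted:   ', var_export($accepted, true), PHP_EOL, PHP_EOL;
}
```

Output encoding is the actual fix, because it holds for values already stored in the database; the save-time check only stops new bad values from being written.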
