Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbZhongFu Su(JrXnm) of WuHan UniversityWPVDB-ID:1F0AE535-C560-4510-AE9A-059E2435AD39
HistoryJul 04, 2022 - 12:00 a.m.

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

2022-07-0400:00:00
ZhongFu Su(JrXnm) of WuHan University
wpscan.com
11
popup anything
reflected cross-site scripting
sanitisation
escaping
poc
shortcode
payload
frontend page

EPSS

0.001

Percentile

40.2%

JSON

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting

PoC

On a post/page where the [paoc_details display=“key_xxx”] shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert(/XSS/)%3C/script%3E e.g: https://example.com/2022/06/10/hello/?xxx=11111<script>alert(/XSS/)</script>

Related

cve 1
patchstack 1
prion 1
wpexploit 1
nvd 1
cvelist 1
cve
cve
CVE-2022-2115
2022-07-25 13:15:08
patchstack
patchstack
WordPress Popup Anything plugin <= 2.1.6 - Reflected Cross-Site Scripting (XSS) vulnerability
2022-07-04 00:00:00
prion
prion
Cross site scripting
2022-07-25 13:15:00
wpexploit
wpexploit
Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
2022-07-04 00:00:00
nvd
nvd
CVE-2022-2115
2022-07-25 13:15:08
cvelist
cvelist
CVE-2022-2115 Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
2022-07-25 12:46:58

EPSS

0.001

Percentile

40.2%

JSON
Related for WPVDB-ID:1F0AE535-C560-4510-AE9A-059E2435AD39
cve1patchstack1prion1wpexploit1nvd1cvelist1