Cross-site Scripting Vulnerability in WordPress GD Star Rating Plugin | Juno_okyo's Blog
Vector: Remote
Severity: Low
Patch: Unpatched
Impact: Cross-site Scripting (XSS)
Software: WordPress GD Star Rating Plugin 1.x, vulnerable versions: <=1.9.7
A cross-site scripting (XSS) vulnerability has been discovered in the WordPress GD Star Rating Plugin.
An input validation error exists in wp-content/plugins/gd-star-rating/widgets/widget_top.php when it processes data passed to the "wpfn" parameter. A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary HTML and script code in the user's browser, in the context of the vulnerable website.
Further exploitation of this vulnerability may result in the theft of potentially sensitive user information, such as cookies, or in disguising the information presented on the website.
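
Because the issue is listed as unpatched, one practical check is to look for requests to the affected script whose "wpfn" value carries HTML metacharacters. The following is an added example, not code from this post or from the plugin: it assumes combined-format web server access logs, only sees values sent in the query string, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script path and parameter named in the advisory.
VULN_PATH = "wp-content/plugins/gd-star-rating/widgets/widget_top.php"
PARAM = "wpfn"
# Characters that let a value break out of an HTML text or attribute context.
HTML_META = re.compile("[<>\"'`]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [01/Jan/2013:10:00:00 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=gdsr_widget HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2013:10:00:05 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2013:10:00:09 +0000] "GET /wp-content/plugins/gd-star-rating/widgets/widget_top.php?wpfn=%253Cb%253Ex HTTP/1.1" 200 530',
    '203.0.113.4 - - [01/Jan/2013:10:00:12 +0000] "GET /index.php?wpfn=%3Cb%3E HTTP/1.1" 200 99',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded in rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_wpfn(log_line):
    """Return the decoded wpfn value if it targets the script and holds markup."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith(VULN_PATH):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if HTML_META.search(decoded):
                return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := suspicious_wpfn(line))]
```

Running `scan()` over the sample flags the second and third lines; the third is caught only because the value is decoded more than once.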

Leader at J2TEAM. Website: https://j2team.dev/
