WordPress Jetpack plugin version 8.2 suffers from a cross site scripting vulnerability.
b49c9979e62d4d800fe2c104316f8a52[-] Title : word press plugin jetpack 8.2 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/jetpack/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
jetpack/modules/contact-form/grunion-form-view.php
======================================================================================================
Vulnerable Source :
59: echo echo absint($_GET['post_id']);
=======================================================================================================
POC :
http://localhost/wp-content/plugins/jetpack/modules/contact-form/grunion-form-view.php?post_id=[XSS]
=======================================================================================================
************************
* ==> Contact With We :
* Telegram : @MF0584
* Email : [email protected]
************************