WordPress Prismatic 2.3 Cross Site Scripting

WordPress Prismatic plugin version 2.3 suffers from a cross site scripting vulnerability.


MD5 | a0d39eb5a5e494a8a016235265ecb650

[-] Title : WordPress plugin Prismatic 2.3 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/prismatic/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
prismatic/inc/settings-display.php
======================================================================================================
Vulnerable Source :
35: echo echo $tab_active;
27: $tab_active = sanitize_text_field($_GET['tab']) : 'tab1';
=======================================================================================================
POC :
http://localhost/wp-content/plugins/prismatic/inc/settings-display.php?tab=[XSS]
=======================================================================================================
************************
* ==> Contact Us :
* Telegram : @MF0584
* Email : [email protected]
************************
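
A defensive sketch for the `tab` flow quoted under "Vulnerable Source" (an added example, not the plugin's code or the vendor's fix): the value is checked against an allowlist and escaped for its output context at the point of echo. The function and constant names, the tab names other than `tab1`, and the HTML-attribute output context are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. 'tab1' is the default shown in the
// advisory; the other tab names are hypothetical placeholders.
const EXAMPLE_ALLOWED_TABS = ['tab1', 'tab2', 'tab3'];

/**
 * Resolve the active tab from request parameters using an allowlist.
 * Anything that is not an exact, known tab name falls back to the default.
 */
function example_resolve_tab(array $query, string $default = 'tab1'): string
{
    $raw = $query['tab'] ?? $default;
    // ?tab[]=x arrives as an array; reject non-strings instead of casting.
    if (!is_string($raw)) {
        return $default;
    }
    return in_array($raw, EXAMPLE_ALLOWED_TABS, true) ? $raw : $default;
}

/**
 * Escape for the output context at the point of echo. Input cleaning such as
 * sanitize_text_field() does not replace this step. Inside WordPress, use
 * esc_attr() for attributes and esc_html() for element text.
 */
function example_escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests (not captured traffic).
$samples = [
    ['tab' => 'tab2'],      // known tab
    ['tab' => 'a"b<c>'],    // unknown value containing markup characters
    ['tab' => ['nested']],  // array instead of string
    [],                     // parameter absent
];

foreach ($samples as $query) {
    $tab = example_resolve_tab($query);
    // Assumed output context: an HTML attribute value.
    echo '<div class="', example_escape_attr($tab), '">', PHP_EOL;

    // Escaping alone, shown for a value that skipped the allowlist.
    $rawTab = is_string($query['tab'] ?? null) ? $query['tab'] : '';
    echo '  escaped raw: ', example_escape_attr($rawTab), PHP_EOL;
}
```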
