WordPress Really-Simple-SSL 3.2.9 Cross Site Scripting

WordPress Really-Simple-SSL plugin version 3.2.9 suffers from a cross site scripting vulnerability.


MD5 | 15d5b82236c6e9225a6320e5cee222b2

[-] Title : WordPress plugin really-simple-ssl 3.2.9 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/really-simple-ssl/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
really-simple-ssl/class-admin.php
======================================================================================================
Vulnerable Source :
3978: $setting_name = sanitize_text_field($_GET['highlight']);
3979: echo "var setting_name = '$setting_name'" . ";";
=======================================================================================================
POC :
http://localhost/wp-content/plugins/really-simple-ssl/class-admin.php?highlight=[XSS]
=======================================================================================================
************************
* ==> Contact Us :
* Telegram : @MF0584
* Email : [email protected]
************************
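
Added example (not part of the original advisory and not the plugin's own code): the vulnerable source above writes the highlight value between single quotes inside inline JavaScript, and sanitize_text_field() strips tags but does not escape quotes. The sketch below shows that output pattern beside an encoded form in plain PHP; the function names, the allow-list pattern for setting names and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not plugin code. Runs stand-alone (PHP 7.2+); inside
// WordPress, wp_json_encode() or esc_js() fill the same role.

/** Encode an untrusted value as a JS string literal safe in inline <script>. */
function js_string_literal(string $value): string
{
    // JSON_HEX_* emit <, >, &, ' and " as \uXXXX escapes, so the value can
    // close neither the string literal nor the surrounding <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
           | JSON_INVALID_UTF8_SUBSTITUTE;
    return json_encode($value, $flags);
}

/** Assumption: setting names consist only of letters, digits, "_" and "-". */
function normalize_setting_name(string $value): string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value) === 1 ? $value : '';
}

/** The pattern from the advisory: value interpolated between single quotes. */
function render_unescaped(string $value): string
{
    return "var setting_name = '$value';";
}

/** Hardened form: allow-list the value first, then encode for the JS context. */
function render_encoded(string $value): string
{
    return 'var setting_name = ' . js_string_literal(normalize_setting_name($value)) . ';';
}

// Constructed sample inputs: one ordinary name, one with a quote and a tag.
$samples = ['some_setting', "tab'one</script>"];

foreach ($samples as $sample) {
    echo 'input    : ', $sample, PHP_EOL;
    echo 'unescaped: ', render_unescaped($sample), PHP_EOL;
    echo 'encoded  : ', render_encoded($sample), PHP_EOL;
    // Encoding alone, without the allow-list, for comparison.
    echo 'literal  : ', js_string_literal($sample), PHP_EOL, PHP_EOL;
}
```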
