WordPress Plugin Vulnerabilities

Automatic Domain Changer < 2.0.3 - Reflected Cross-Site Scripting

Description

The plugin does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting

Proof of Concept

Affects Plugins

Plugin icon
automatic-domain-changer
Fixed in 2.0.3

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
4802b643-9e48-4ae6-9aa4-7a90cf1650a4

Timeline

Publicly Published
2022-05-31 (about 3 years ago)
Added
2022-06-13 (about 3 years ago)
Last Updated
2022-06-13 (about 3 years ago)

Other

Published
Title
Published
2024-05-29
Title
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.108 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field
Published
2023-01-19
Title
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
Published
2025-05-16
Title
Broadstreet < 1.51.3 - Contributor+ Stored XSS
Published
2024-09-24
Title
Elementor Addons by Livemesh < 8.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via piechart_settings Parameter
Published
2016-01-26
Title
WP Easy Gallery <= 4.1.4 - Reflected Cross-Site Scripting (XSS)