WordPress Plugin Vulnerabilities

Wr Age Verification < 2.0.0 - Reflected Cross-Site Scripting (XSS)

Description

The plugin does not sanitise, or escape the $_SERVER['PHP_SELF'] before using it in an attribute, leading to a reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
wr-age-verification
Fixed in 2.0.0

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
733b5282-0318-4b89-b370-31cabd0fa6b8

Timeline

Publicly Published
2021-07-12 (about 4 years ago)
Added
2021-07-12 (about 4 years ago)
Last Updated
2021-07-12 (about 4 years ago)

Other

Published
Title
Published
2014-08-01
Title
Better WP Security 3.6.3 - Online Backup Storage current_time Function Brute Force Disclosure
Published
2016-04-12
Title
Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2024-12-17
Title
Services updates for customers <= 1.0 - Reflected Cross-Site Scripting
Published
2025-02-18
Title
Drivr Lite – Google Drive Plugin plugin for WordPress <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2026-01-20
Title
TableOn < 1.0.4.3 - Reflected Cross-Site Scripting