WordPress Plugin Vulnerabilities
Advanced Ads < 1.17.4 - Reflected XSS via Admin Dashboard
Description
The plugin does not sanitise and escape the advads-last-edited-group before outputting it back in an attribute in n admin page, leading to a Reflected Cross-Site Scripting
Affects Plugins
Fixed in 1.17.4 References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Antony Garand (sucuri.net)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-03-18 (about 6 years ago)
Added
2020-03-18 (about 6 years ago)
Last Updated
2022-02-18 (about 4 years ago)
WPScan 