WordPress Plugin Vulnerabilities
WP Shieldon < 1.6.4 - Unauthenticated Cross-Site Scripting (XSS)
Description
The WP Shieldon WordPress plugin, versions 1.6.3 and below, were vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown.
This was due to $_SERVER['REQUEST_URI'] being echoed to a page without any encoding.
Proof of Concept
http://www.example.com/?<script>alert(1)</script>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Johto Robbie
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-01-18 (about 3 years ago)
Added
2021-01-25 (about 3 years ago)
Last Updated
2023-06-19 (about 10 months ago)