logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Directories Pro < 1.3.46 - Authenticated Reflected Cross-Site Scripting

Description

The plugin did not sanitise the _drts_form_build_id parameter in a POST request to /wp-admin/admin.php?page=drts/directories, allowing for HTML or JavaScript injection.

Affects Plugins

directories

Fixed in version 1.3.46

References

CVE

CVE-2020-29303

URL

https://seclists.org/fulldisclosure/2020/Dec/14

URL

https://packetstormsecurity.com/files/160452/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Jack Misiura

Verified

No

WPVDB ID

f342a865-5e5a-4219-935d-f97295463649

Timeline

Publicly Published

2020-12-12 (about 4 months ago)

Added

2020-12-12 (about 4 months ago)

Last Updated

2020-12-15 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin