WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Directories Pro < 1.3.46 - Authenticated Reflected Cross-Site Scripting

Description

The plugin did not sanitise the _drts_form_build_id parameter in a POST request to /wp-admin/admin.php?page=drts/directories, allowing for HTML or JavaScript injection.

Affects Plugins

directories
Fixed in version 1.3.46

References

CVE
CVE-2020-29303
URL
https://seclists.org/fulldisclosure/2020/Dec/14
URL
https://packetstormsecurity.com/files/160452/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Jack Misiura

Verified

No

WPVDB ID
f342a865-5e5a-4219-935d-f97295463649

Timeline

Publicly Published

2020-12-12 (about 1 years ago)

Added

2020-12-12 (about 1 years ago)

Last Updated

2020-12-15 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin