WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)
Description
The WP Shieldon WordPress plugin, versions 1.6.3 and below, was vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown.
This was due to $_SERVER['REQUEST_URI'] being echoed to a page without any encoding.
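The bug class described above and its fix, as an added example that is not WP Shieldon's code: the function names and markup are hypothetical, and the sample URI is the path and query of the PoC URL on this page. It covers both an HTML attribute sink and an inline script sink, because the page does not say which context the CAPTCHA page echoed the value into.

```php
<?php
declare(strict_types=1);

// Added example; NOT WP Shieldon's code. Function names and markup are
// hypothetical, chosen only to show the bug class and its fix.

// Vulnerable pattern: the raw request URI is concatenated into HTML.
function captcha_form_unsafe(string $uri): string
{
    return '<form method="post" action="' . $uri . '">';
}

// Fixed, HTML text/attribute context: encode &, <, >, " and '.
// (Inside WordPress, esc_attr() / esc_url() fill this role.)
function captcha_form_safe(string $uri): string
{
    $enc = htmlspecialchars($uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $enc . '">';
}

// Fixed, inline <script> context: JSON-encode with the HEX flags so that
// <, >, &, ' and " become \uXXXX escapes and cannot close the element.
function captcha_script_safe(string $uri): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '<script>var currentUri = ' . json_encode($uri, $flags) . ';</script>';
}

// Constructed input: path and query string of the PoC URL on this page.
// In the plugin this value would come from $_SERVER['REQUEST_URI'].
$uri = '/?\'"--></style></scRipt><scRipt>alert(0x000836)</scRipt>';

echo captcha_form_unsafe($uri), PHP_EOL;  // quotes and tags reach the page raw
echo captcha_form_safe($uri), PHP_EOL;    // payload stays inside the attribute
echo captcha_script_safe($uri), PHP_EOL;  // payload stays inside the string literal
```

The encoder has to match the sink: `htmlspecialchars()` alone does not protect a value written inside a `<script>` block, and `json_encode()` output is not safe to place in an HTML attribute.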
Proof of Concept
http://www.example.com/?'"--></style></scRipt><scRipt>alert(0x000836)</scRipt>
References
https://wpscan.com/vulnerability/8d0eb0b4-0cc0-44e5-b720-90b01df3a6ee