CVE-2018-16285

The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
References
Link Resource
https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html Exploit Technical Description Third Party Advisory
https://wpvulndb.com/vulnerabilities/9124 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*

Information

Published : 2018-09-06 16:29

Updated : 2018-11-02 14:33


NVD link : CVE-2018-16285

Mitre link : CVE-2018-16285


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

userproplugin

  • userpro