| Title: Reflected XSS in wordpress plugin twitterlink-comments v1.34 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/twitterlink-comments |
| Downloads: 28138 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: twitterlink-comments |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./twitterlink-comments/include/options-page.php:
26: <a href="options-general.php?page=<?php echo $twitlink->slug;?>" class="nav-tab <?php echo $_GET['tab'] != 'twitlink_tab' ? 'nav-tab-active' : '';?>"><?php _e('Plugin Settings',$twitlink->plugin_domain);?></a>
The variable tab appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./twitterlink-comments/include/options-page.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|