|Title: Reflected XSS in WordPress plugin basic-dev-tools v1.4.1|
|Author: Larry W. Cashdollar, @_larry0|
|Download Site: https://wordpress.org/plugins/basic-dev-tools|
|Vendor Notified: 2016-02-09|
|Vendor Contact: email@example.com|
|Plugin Name: basic-dev-tools|
There is a reflected XSS vulnerability in the following PHP code, at line 27 of ./basic-dev-tools/includes/tableobject/templates/reduced_form.php:

<input type="hidden" name="id" value="<?php if(isset($_GET[$this->instance_name.'id'])) echo $_GET[$this->instance_name.'id'];?>">

The variable Id_Gcal appears to send unsanitized data back to the user's browser.
|CVE-ID: Not Released|
The exploit was derived from the first vulnerable parameter to appear in the code; the code shown above may contain more.
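The `reduced_form.php` line quoted above, reproduced next to a hardened form. This is an added example, not the plugin's own code or a vendor patch: the function names, the `demo_` prefix standing in for `$this->instance_name`, and the sample value are assumptions, and `htmlspecialchars()` is used so the script runs outside WordPress, where `esc_attr()` would be the usual call.

```php
<?php
// Added example, not code from basic-dev-tools. $instance_name stands in
// for $this->instance_name; the request value below is constructed.

// Mirrors line 27 of reduced_form.php: the GET parameter goes into the
// value="" attribute exactly as it was received.
function render_hidden_id_unescaped(array $get, string $instance_name): string
{
    $key = $instance_name . 'id';
    $value = isset($get[$key]) ? $get[$key] : '';
    return '<input type="hidden" name="id" value="' . $value . '">';
}

// Hardened: accept only scalar input, then encode it for an HTML
// attribute context so quotes and angle brackets stay inside value="".
function render_hidden_id_escaped(array $get, string $instance_name): string
{
    $key = $instance_name . 'id';
    $value = (isset($get[$key]) && is_scalar($get[$key])) ? (string) $get[$key] : '';
    // Inside WordPress, esc_attr($value) performs this encoding.
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Constructed, inert input: a double quote that would end the attribute
// early and add a second, harmless attribute to the tag.
$get = ['demo_id' => '7" data-injected="1'];

// Unescaped: the quote terminates value="" and the rest becomes markup.
echo render_hidden_id_unescaped($get, 'demo_'), PHP_EOL;

// Escaped: the quote is emitted as an entity and stays part of the value.
echo render_hidden_id_escaped($get, 'demo_'), PHP_EOL;
```

The same encoding applies to any other template in the plugin that echoes a `$_GET` value into markup.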