WordPress Domain Check <= 1.0.16 - Admin+ Reflected XSS

Domain Check is a WordPress plugin that shows which domains and SSL certificates are coming up for expiration and lets you quickly locate coupons, coupon codes, and deals from your favorite sites before renewing.

An authenticated user can inject arbitrary JavaScript or HTML code into the “Domain Check Profile” interface on the plugin's settings page, because user-supplied data is not sanitized correctly, and so achieve a reflected cross-site scripting (XSS) attack against administrators.

There will be many more reviews and research posts, stay close!