InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)Sign up to our free email alerts service for instant vulnerability notifications!
Due to a lack of input sanitization in the includes/instalinker-admin-preview.php file, it is possible to utilise a reflected XSS vector to run a script in the target user's browser and potentially compromise the WordPress installation.
|Proof of Concept||
fixed in version 1.1.2
|OWASP Top 10||A3: Cross-Site Scripting (XSS)|
|Publicly Published||2016-02-07 (about 2 years ago)|
|Added||2016-02-07 (about 2 years ago)|
|Last Updated||2016-02-08 (about 2 years ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|