Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)



Description
User-controllable input on the Custom Permalinks admin page is output without any escaping.
Proof of Concept
URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=<script>alert(1)</script>
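
To check whether requests of this shape reached a site, its web server access log can be searched for the plugin's admin page with HTML metacharacters in the `s` parameter. This is an added example, not part of the original advisory or the plugin's code; it assumes combined-format access log lines, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Admin page slug taken from the advisory's proof of concept.
PAGE_SLUG = "custom-permalinks-post-permalinks"
# HTML metacharacters that are dangerous when echoed without escaping.
MARKUP = re.compile("[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Feb/2018:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=custom-permalinks-post-permalinks&s=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
    ' HTTP/1.1" 200 5120',
    '203.0.113.8 - - [22/Feb/2018:10:01:00 +0000] "GET /wp-admin/admin.php'
    '?page=custom-permalinks-post-permalinks&s=hello+world HTTP/1.1" 200 4980',
    '203.0.113.9 - - [22/Feb/2018:10:02:00 +0000] "GET /wp-admin/admin.php'
    '?page=other-plugin&s=%3Cb%3E HTTP/1.1" 200 100',
]

def suspicious_search(line):
    """Return the decoded `s` value if the line targets the plugin page
    and the value contains HTML metacharacters, otherwise None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    # parse_qs percent-decodes values, so encoded markup is caught too.
    params = parse_qs(url.query, keep_blank_values=True)
    if PAGE_SLUG not in params.get("page", []):
        return None
    for value in params.get("s", []):
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_search(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: s={value!r}")
```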

Affects Plugin

Fixed in version 1.2

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Karim El Ouerghemmi
Submitter Website https://ripstech.com
Views 4060
Verified No
WPVDB ID 9030

Timeline

Publicly Published 2018-02-22 (over 1 year ago)
Added 2018-02-25 (over 1 year ago)
Last Updated 2018-02-25 (over 1 year ago)
