Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)Sign up to our free email alerts service for instant vulnerability notifications!
User input gets first escaped with esc_html() and then urldecoded. This leads to the possibility of reflected XSS with a double url encoded payload.
|Proof of Concept||
fixed in version 1.3.67
|OWASP Top 10||A3: Cross-Site Scripting (XSS)|
|Submitter||Karim El Ouerghemmi|
|Publicly Published||2018-02-22 (5 months ago)|
|Added||2018-02-25 (5 months ago)|
|Last Updated||2018-02-25 (5 months ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|