Versions 1.4.11 and below of the wpForo Forum WordPress plugin were found to be vulnerable to reflected Cross-Site Scripting (XSS). The plugin used the $_SERVER['REQUEST_URI'] PHP variable to build a URL string that was later output within HTML without any output encoding.
Proof of Concept
Click on the following link while using the Internet Explorer (IE) web browser, with the XSS filter disabled:
Alternatively, run the following cURL request and notice that the XSS payload is output within the HTML without any validation or output encoding:
curl -s 'http://www.example.com/index.php/community/?"><script>alert(/XSS/)</script>' | grep "XSS"
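The root cause described above, reduced to a stand-alone PHP sketch next to a hardened version. This is an added example and not wpForo's source code: the function names, the `$base` value and the link markup are assumptions, and the request URI is constructed from the cURL command above.

```php
<?php
// Added illustration; not the plugin's code. All names here are hypothetical.

// Vulnerable pattern: REQUEST_URI comes straight from the request line and is
// concatenated into an HTML attribute with no encoding.
function render_link_unsafe(string $base, array $server): string
{
    $url = $base . $server['REQUEST_URI'];
    return '<a href="' . $url . '">Permalink</a>';
}

// Hardened pattern: encode for the HTML attribute context at the point of
// output, so quotes and angle brackets cannot close the attribute or the tag.
function render_link_safe(string $base, array $server): string
{
    $url = $base . $server['REQUEST_URI'];
    $encoded = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $encoded . '">Permalink</a>';
}

// Returns true when the raw payload marker survives into the markup.
function reflects_raw_markup(string $html): bool
{
    return strpos($html, '"><script>') !== false;
}

// Constructed request: the path and query string from the cURL command,
// received unencoded as cURL sends them.
$base   = 'http://www.example.com';
$server = [
    'REQUEST_URI' => '/index.php/community/?"><script>alert(/XSS/)</script>',
];

foreach (['render_link_unsafe', 'render_link_safe'] as $render) {
    $html = $render($base, $server);
    echo $render, ': ', $html, PHP_EOL;
    echo '  raw payload reflected: ',
        reflects_raw_markup($html) ? 'yes' : 'no', PHP_EOL;
}
```

Inside WordPress, the core helpers `esc_url()` and `esc_attr()` provide this output encoding for URLs and attribute values.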